Vulnerability Description
An authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass the Zeppelin authentication mechanism and act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Zeppelin | <= 0.9.0 |
References
- http://www.openwall.com/lists/oss-security/2021/09/02/2 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3 (Mailing List, Vendor Advisory)
- https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe
- https://security.gentoo.org/glsa/202311-04
FAQ
What is CVE-2020-13929?
CVE-2020-13929 is a vulnerability with a CVSS score of 7.5 (HIGH). An authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass the Zeppelin authentication mechanism and act as another user. This issue affects Apache Zeppelin version...
How severe is CVE-2020-13929?
CVE-2020-13929 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-13929?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Zeppelin.