Vulnerability Description
Improper Input Validation vulnerability in Apache Zeppelin. Attackers can execute malicious queries by setting improper configuration properties to the LDAP search filter. This issue affects Apache Zeppelin from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Zeppelin | >= 0.8.2, < 0.11.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/04/09/12 (Mailing List)
- https://github.com/apache/zeppelin/pull/4714 (Issue Tracking, Patch)
- https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf (Mailing List, Vendor Advisory)
FAQ
What is CVE-2024-31867?
CVE-2024-31867 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Improper Input Validation vulnerability in Apache Zeppelin. Attackers can execute malicious queries by setting improper configuration properties to the LDAP search filter. This issue affects Apache Z...
How severe is CVE-2024-31867?
CVE-2024-31867 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-31867?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Zeppelin.