CVE-2021-28655

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2	Mailing List Vendor Advisory
https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-16 13:15

Updated : 2025-04-17 16:15

NVD link : CVE-2021-28655

Mitre link : CVE-2021-28655

CVE.ORG link : CVE-2021-28655

JSON object : View

Products Affected

apache

zeppelin

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2021-28655", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2022-12-16T13:15:08.723", "references": [{"url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The improper Input Validation vulnerability in \"\u201dMove folder to Trash\u201d feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions."}, {"lang": "es", "value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funci\u00f3n \"Move folder to Trash\" de Apache Zeppelin permite a un atacante eliminar archivos arbitrarios. Este problema afecta a Apache Zeppelin Apache Zeppelin versi\u00f3n 0.9.0 y versiones anteriores."}], "lastModified": "2025-04-17T16:15:23.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26319B3A-B658-40AE-83DA-62FEDEA6D002", "versionEndIncluding": "0.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}