CVE-2024-31863

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/04/09/6	Mailing List
https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9	Mailing List
http://www.openwall.com/lists/oss-security/2024/04/09/6	Mailing List
https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:zeppelin:0.10.1:*:*:*:*:*:*:*

History

13 Feb 2025, 18:18

Type	Values Removed	Values Added
Summary	(en) Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.	(en) Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

11 Feb 2025, 16:28

Type	Values Removed	Values Added
First Time		Apache Apache zeppelin
References	~~() http://www.openwall.com/lists/oss-security/2024/04/09/6 -~~	() http://www.openwall.com/lists/oss-security/2024/04/09/6 - Mailing List
References	~~() https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9 -~~	() https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9 - Mailing List
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:apache:zeppelin:0.10.1:::::::*

Information

Published : 2024-04-09 11:15

Updated : 2025-03-25 19:15

NVD link : CVE-2024-31863

Mitre link : CVE-2024-31863

CVE.ORG link : CVE-2024-31863

JSON object : View

Products Affected

apache

zeppelin

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2024-31863", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-09T11:15:31.713", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/04/09/6", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/09/6", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.\n\nUsers are recommended to upgrade to version 0.11.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante suplantaci\u00f3n de identidad al reemplazar notas existentes en Apache Zeppelin. Este problema afecta a Apache Zeppelin: desde 0.10.1 antes de 0.11.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 0.11.0, que soluciona el problema."}], "lastModified": "2025-03-25T19:15:42.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:zeppelin:0.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A708A99-988D-485D-A762-BA4A119EE528"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}