CVE-2020-13929: Notebook permissions bypass
First published: Thu Sep 02 2021(Updated: )
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Zeppelin | <=0.9.0 | |
| maven/org.apache.zeppelin:zeppelin | <0.10.0 | 0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/09/02/2
- https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999@%3Cusers.zeppelin.apache.org%3E
- https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E
- https://security.gentoo.org/glsa/202311-04
- https://nvd.nist.gov/vuln/detail/CVE-2020-13929
- https://github.com/advisories/GHSA-87p2-cvhq-q4mv (Advisory)
Frequently Asked Questions
What is CVE-2020-13929?
CVE-2020-13929 is an authentication bypass vulnerability in Apache Zeppelin that allows an attacker to bypass Zeppelin authentication mechanism to act as another user.
How does CVE-2020-13929 affect Apache Zeppelin?
CVE-2020-13929 affects Apache Zeppelin version 0.9.0 and prior versions.
What is the severity of CVE-2020-13929?
CVE-2020-13929 has a severity rating of 7.5 (High).
How can an attacker exploit CVE-2020-13929?
An attacker can exploit CVE-2020-13929 by bypassing the Zeppelin authentication mechanism to act as another user.
Is there a fix available for CVE-2020-13929?
Yes, upgrading to a version of Apache Zeppelin that is not affected by CVE-2020-13929 will fix the vulnerability.
- collector/nvd-index
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-87p2-cvhq-q4mv
- alias/CVE-2020-13929
- collector/nvd-cve
- collector/github-advisory
- agent/type
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/trending
- vendor/apache
- canonical/apache zeppelin
- version/apache zeppelin/0.9.0
- package-manager/maven