CVE Vulnerabilities

CVE-2024-31863

Authentication Bypass by Spoofing

Published: Apr 09, 2024 | Modified: Feb 11, 2025
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Affected Software

Name Vendor Start Version End Version
Zeppelin Apache 0.10.1 (including) 0.10.1 (including)

References