CVE-2020-13929

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:02

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2021/09/02/2 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/09/02/2 - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E - () https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E -
References () https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory () https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
References () https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E - () https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E -
References () https://security.gentoo.org/glsa/202311-04 - () https://security.gentoo.org/glsa/202311-04 -

24 Nov 2023, 14:15

Type Values Removed Values Added
CWE CWE-287 NVD-CWE-noinfo
References
  • {'url': 'https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999@%3Cusers.zeppelin.apache.org%3E', 'name': '[zeppelin-users] 20210928 Re: CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E', 'name': '[zeppelin-users] 20210902 CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E', 'name': '[announce] 20210902 CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E -
  • () https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E -
  • () https://security.gentoo.org/glsa/202311-04 -

30 Nov 2021, 21:17

Type Values Removed Values Added
References (MLIST) https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999@%3Cusers.zeppelin.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999@%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory

28 Sep 2021, 10:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999@%3Cusers.zeppelin.apache.org%3E -

10 Sep 2021, 19:22

Type Values Removed Values Added
CWE CWE-287
CPE cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/02/2 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/02/2 - Mailing List, Third Party Advisory
References (MISC) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E - (MISC) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
References (MLIST) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory
References (MLIST) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E - Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

02 Sep 2021, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E -

02 Sep 2021, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/02/2 -

02 Sep 2021, 18:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E -

02 Sep 2021, 17:21

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-02 17:15

Updated : 2024-11-21 05:02


NVD link : CVE-2020-13929

Mitre link : CVE-2020-13929

CVE.ORG link : CVE-2020-13929


JSON object : View

Products Affected

apache

  • zeppelin