CVE-2024-31860

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*

History

06 May 2025, 14:15

Type Values Removed Values Added
CWE CWE-20

05 May 2025, 20:49

Type Values Removed Values Added
CWE CWE-22
First Time Apache
Apache zeppelin
CPE cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/04/09/2 - () http://www.openwall.com/lists/oss-security/2024/04/09/2 - Mailing List
References () https://github.com/apache/zeppelin/pull/4632 - () https://github.com/apache/zeppelin/pull/4632 - Issue Tracking, Patch
References () https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x - () https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x - Mailing List, Vendor Advisory

13 Feb 2025, 18:18

Type Values Removed Values Added
Summary (en) Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. (en) Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

21 Nov 2024, 09:14

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/04/09/2 - () http://www.openwall.com/lists/oss-security/2024/04/09/2 -
References () https://github.com/apache/zeppelin/pull/4632 - () https://github.com/apache/zeppelin/pull/4632 -
References () https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x - () https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x -

03 Jul 2024, 01:55

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de validación de entrada incorrecta en Apache Zeppelin. Al agregar indicadores de ruta relativa (por ejemplo .. ), los atacantes pueden ver el contenido de cualquier archivo en el sistema de archivos al que pueda acceder la cuenta del servidor. Este problema afecta a Apache Zeppelin: desde 0.9.0 antes de 0.11.0. Se recomienda a los usuarios actualizar a la versión 0.11.0, que soluciona el problema.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/09/2 -

09 Apr 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-09 09:15

Updated : 2025-05-06 14:15


NVD link : CVE-2024-31860

Mitre link : CVE-2024-31860

CVE.ORG link : CVE-2024-31860


JSON object : View

Products Affected

apache

  • zeppelin
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')