CVE-2024-31867

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

CVSS

No CVSS.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/04/09/12
https://github.com/apache/zeppelin/pull/4714
https://lists.apache.org/thread/s4scw8bxdhrjs0kg0lhb68xqd8y9lrtf

Configurations

No configuration.

History

01 May 2024, 18:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de validación de entrada incorrecta en Apache Zeppelin. Los atacantes pueden ejecutar consultas maliciosas estableciendo propiedades de configuración incorrectas en el filtro de búsqueda LDAP. Este problema afecta a Apache Zeppelin: desde 0.8.2 antes de 0.11.1. Se recomienda a los usuarios actualizar a la versión 0.11.1, que soluciona el problema.
References		() http://www.openwall.com/lists/oss-security/2024/04/09/12 -

09 Apr 2024, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 17:16

Updated : 2024-05-01 18:15

NVD link : CVE-2024-31867

Mitre link : CVE-2024-31867

CVE.ORG link : CVE-2024-31867

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

JSON object

Attach tags to CVE-2024-31867

Attach tags to `CVE-2024-31867`