Описание
Apache Zeppelin exposes server resources to unauthenticated attackers
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.
This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.
Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
Пакеты
org.apache.zeppelin:zeppelin-interpreter
>= 0.10.1, < 0.12.0
0.12.0
org.apache.zeppelin:zeppelin-server
>= 0.10.1, < 0.12.0
0.12.0
Связанные уязвимости
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.