Description
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
References
- Mailing List, Release Notes, Third Party Advisory
- Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 0.7.3 (excluding)
cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*
EPSS: 0.00967 (Low), percentile: 76%
CVSS3: 8.1 High
CVSS2: 5.8 Medium
Weaknesses: CWE-384