Home > Vulnerability Database > CVE-2024-31860

Mend.io Vulnerability Database

CVE-2024-31860

Good to know:

Date: April 9, 2024

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Language: Java

Severity Score

6.5

Related Resources (7)

Url: https://github.com/apache/zeppelin/pull/4632

Url: http://www.openwall.com/lists/oss-security/2024/04/09/2

Url: https://github.com/apache/zeppelin

Url: https://lists.apache.org/thread/c0zfjnow3oc3dzc8w5rbkzj8lqj5jm5x

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31860

Url: https://github.com/apache/zeppelin/commit/f025a697c1d1d0264064d5adf6cb0b20d85041b6

Url: https://www.mend.io/vulnerability-database/CVE-2024-31860

Severity Score

6.5

Weakness Type (CWE)

Input Validation

CWE-20

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.apache.zeppelin:zeppelin-server:0.11.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31860

Good to know:

Date: April 9, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?