CVE-2024-31863

CVE-2024-31863: Apache Zeppelin: Replacing other users notebook, bypassing any permissions

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-290

Published April 9, 2024

Last update March 25, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Key dates

Disclosure timeline

April 9, 2024 CVE published

March 25, 2025 Record updated