Vulnerabilities > Apache > Zeppelin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-31863 | Unspecified vulnerability in Apache Zeppelin 0.10.1 Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 5.3 |
| 2022-12-16 | CVE-2021-28655 | Unspecified vulnerability in Apache Zeppelin The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. | 6.5 |
| 2022-12-16 | CVE-2022-46870 | Unspecified vulnerability in Apache Zeppelin An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. | 5.4 |
| 2021-09-02 | CVE-2021-27578 | Cross-site Scripting vulnerability in Apache Zeppelin Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. | 6.1 |
| 2019-04-23 | CVE-2018-1328 | Cross-site Scripting vulnerability in Apache Zeppelin Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. | 6.1 |