CVE-2020-13929
Authentication bypass in Apache Zeppelin
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.12%
Description
An authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass the Zeppelin authentication mechanism and act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
How to fix CVE-2020-13929
To remediate CVE-2020-13929, upgrade the affected package to a fixed version below.
- Maven/org.apache.zeppelin:zeppelin (upgrade to 0.10.0 or later)
Is CVE-2020-13929 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.zeppelin:zeppelin, from 0, < 0.10.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (10)
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2020-13929
- PATCH: github.com/apache/zeppelin
- WEB: lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E
- WEB: lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E