CVE-2017-12619: Session Fixation

April 23, 2019 (updated April 30, 2019)

Apache Zeppelin is vulnerable to session fixation which allows an attacker to hijack valid user sessions.

References

www.securityfocus.com/bid/108050
lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06@%3Cusers.zeppelin.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2017-12619
zeppelin.apache.org/releases/zeppelin-release-0.7.3.html

Code Behaviors & Features

Detect and mitigate CVE-2017-12619 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →