CVE-2018-1317: Improper Authentication

April 23, 2019 (updated April 30, 2019)

In Apache Zeppelin, the cron scheduler is enabled by default and could allow users to run paragraphs as other users without authentication.

References

www.securityfocus.com/bid/108047
lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06@%3Cusers.zeppelin.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-1317
zeppelin.apache.org/releases/zeppelin-release-0.8.0.html

Code Behaviors & Features

Detect and mitigate CVE-2018-1317 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →