Description

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Remediation

References

https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2

Related Vulnerabilities

CVE-2023-50771 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth

CVE-2019-1003052 Vulnerability in maven package org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin

CVE-2022-43401 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2021-32729 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-script

CVE-2023-30541 Vulnerability in npm package @openzeppelin/contracts

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Mailing List Vendor Advisory