Re: CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass

2021-09-28 Thread Michiel Haisma
Hi Jeff, others, Can you please provide additional information regarding this vulnerability. Please include the following information: * Technical description of vulnerability, how users determine whether they are impacted. Maybe this is satisfied by one of the following items: * Relevant

CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass

2021-09-02 Thread Jeff Zhang
Severity: critical Description: Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions. Credit: Apache Zeppelin would

Re: Notebook permissions

2020-04-02 Thread Jeff Zhang
I don't think so, but it is a reasonable request, please file a ticket for it. Sebastian Albrecht wrote on Thu, Apr 2, 2020 at 2:13 PM: > Hi, > I want to allow logged in users to only view and use existing notebooks, but > not to create new ones. Is that possible somehow? > > Thx+BR, > Sebastian. > -- Best

Notebook permissions

2020-04-02 Thread Sebastian Albrecht
Hi, I want to allow logged in users to only view and use existing notebooks, but not to create new ones. Is that possible somehow? Thx+BR, Sebastian.

Re: Weird problem with notebook permissions, can change them even if I'm not owner

2017-09-13 Thread Raffaele S
Hello, if this is the case, can you please open a JIRA issue? Raffaele 2017-09-08 18:18 GMT+02:00 Luis Angel Vicente Sanchez < zeppelin-us...@bigcente.ch>: > Ok... problem found, zeppelin.anonymous.enabled was not set to false. I > would say that the message saying that it's ignoring the owner

Re: Weird problem with notebook permissions, can change them even if I'm not owner

2017-09-08 Thread Luis Angel Vicente Sanchez
Ok... problem found, zeppelin.anonymous.enabled was not set to false. I would say that the message saying that it's ignoring the owner of a notebook because the anonymous access is enabled should be an INFO level message and not a DEBUG one. -- Luis Angel Vicente Sanchez

Re: Weird problem with notebook permissions, can change them even if I'm not owner

2017-09-08 Thread Luis Angel Vicente Sanchez
I found that the "Cannot change permissions" is always printed even if you have the rights to change the permissions. But anyway, I can change permissions even if I only have read access. Check the following log messages: INFO [2017-09-08 14:28:41,045] ({qtp1753447031-3709}

Weird problem with notebook permissions, can change them even if I'm not owner

2017-09-08 Thread Luis Angel Vicente Sanchez
Hi, I found that I can change permission of notebooks even if I only have read access using the UI or sending calls to the REST API. I have tested this against Zeppelin 0.7.1. If I check the logs I can see lots of lines like these ones: INFO [2017-09-08 13:52:33,140] ({qtp1753447031-2786}

Re: Notebook permissions lost after restart

2017-08-31 Thread Luis Angel Vicente Sanchez
and other magic. Regards, Luis Angel Vicente Sanchez zeppelin-us...@bigcente.ch On Thu, 31 Aug 2017, at 18:01, moon soo Lee wrote: > Notebook permissions are stored in conf/notebook-authorization.json. > You'll need to save/restore this file, too. > > Thanks, > moon > >

Re: Notebook permissions lost after restart

2017-08-31 Thread moon soo Lee
Notebook permissions are stored in conf/notebook-authorization.json. You'll need to save/restore this file, too. Thanks, moon On Thu, Aug 31, 2017 at 9:53 AM Luis Angel Vicente Sanchez < zeppelin-us...@bigcente.ch> wrote: > Hi, > > I'm running a Zeppelin instance on Kubernetes

Notebook permissions lost after restart

2017-08-31 Thread Luis Angel Vicente Sanchez
Hi, I'm running a Zeppelin instance on Kubernetes. The notebooks are stored on S3 and I have set the environment variable ZEPPELIN_NOTEBOOK_PUBLIC to false. When I redeploy Zeppelin, the notebook permissions (Owner, Readers, Writers) are lost. Is this not being kept on S3? Kind regards, Luis