Hi Jeff, others,

Can you please provide additional information regarding this vulnerability. Please include the following information:

* Technical description of vulnerability, how users determine whether they are impacted. Maybe this is satisfied by one of the following items:
* Relevant issue in Zeppelin Jira issue tracker.
* Link to pull request or commit containing the fix.
* List of released versions containing the fix.

I would also highly suggest providing these additional details in one of the vulnerability databases (e.g. https://nvd.nist.gov/vuln/detail/CVE-2020-13929) so that users have a better understanding of the impact and solutions.

Many thanks,
Michiel

On 2021/09/02 16:02:16, Jeff Zhang <z...@apache.org> wrote:
> Severity: critical
>
> Description:
>
> Authentication bypass vulnerability in Apache Zeppelin allows an attacker to
> bypass Zeppelin authentication mechanism to act as another user. This issue
> affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
>
> Credit:
>
> Apache Zeppelin would like to thank David Woodhouse for reporting this issue