CVE-2022-47894

09.04.2024, 10:15

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
apache	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
apache	zeppelin	0.11.0 < 𝑥 < 0.11.0
apache	zeppelin	0.8.0 ≤ 𝑥 < 0.11.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.openwall.com/lists/oss-security/2024/04/09/4

https://github.com/apache/zeppelin/pull/4302

https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

http://www.openwall.com/lists/oss-security/2024/04/09/4

https://github.com/apache/zeppelin/pull/4302

https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy