Apache Zeppelin WebSockets Origin Validation Vulnerability

Vulnerability

A vulnerability exists in Apache Zeppelin versions from 0.11.1 before 0.12.0, caused by missing origin validation on WebSocket connections. This flaw allows attackers to access the Zeppelin server from untrusted origins, potentially exposing internal information about paragraphs. The issue has been addressed in version 0.12.0.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal information on the Zeppelin server, specifically related to paragraphs.

Remediation

Users are advised to upgrade to Apache Zeppelin version 0.12.0, which includes the necessary origin validation for WebSocket connections.
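
What origin validation on a WebSocket handshake involves, as an added example (not Zeppelin's code and not a description of how 0.12.0 implements the fix): the Origin header is normalized and compared exactly against an allowlist. The host names, function names and the choice to reject a missing Origin header are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Return (scheme, host, port) for an Origin value, or None if unusable."""
    if not value or value.strip().lower() == "null":
        return None  # header absent, or opaque origin (sandboxed frame, file://)
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A serialized origin has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    return (scheme, parts.hostname, DEFAULT_PORTS[scheme] if port is None else port)

def allow_upgrade(headers, allowed_origins):
    """Accept a WebSocket handshake only when Origin exactly matches the allowlist."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False
    origin = normalize_origin(h.get("origin"))
    allowed = {normalize_origin(o) for o in allowed_origins}
    return origin is not None and origin in allowed

# Constructed allowlist and handshake headers (hypothetical host names).
ALLOWED = ["https://zeppelin.example.internal:8443", "https://notebooks.example.internal"]
SAMPLES = {
    "exact match": {"Upgrade": "websocket", "Origin": "https://zeppelin.example.internal:8443"},
    "case and default port": {"Upgrade": "websocket", "Origin": "HTTPS://Notebooks.Example.Internal:443"},
    "lookalike suffix": {"Upgrade": "websocket", "Origin": "https://zeppelin.example.internal.other.test:8443"},
    "scheme mismatch": {"Upgrade": "websocket", "Origin": "http://zeppelin.example.internal:8443"},
    "opaque origin": {"Upgrade": "websocket", "Origin": "null"},
    "no Origin header": {"Upgrade": "websocket"},
}

def evaluate_samples():
    """Map each constructed handshake to the allow/deny decision."""
    return {name: allow_upgrade(hdrs, ALLOWED) for name, hdrs in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print("ALLOW" if ok else "DENY ", name)
```

Comparing the parsed (scheme, host, port) tuple rather than using a prefix, suffix or substring match is what keeps the lookalike host and the scheme mismatch out.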

Added: Aug 3, 2025, 11:18 AM
Updated: Aug 3, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.