Platform
java
Component
org.apache.zeppelin:zeppelin-jdbc
Fixed in
0.11.1
0.11.1
CVE-2024-31864 is a critical Remote Code Execution (RCE) vulnerability affecting Apache Zeppelin, specifically its JDBC driver. This vulnerability allows attackers to inject malicious code when connecting to MySQL databases, potentially leading to complete system takeover. The issue impacts versions of Zeppelin prior to 0.11.1, and a fix is available in version 0.11.1.
The impact of CVE-2024-31864 is severe. An attacker exploiting this vulnerability can inject arbitrary code into the Zeppelin server's execution context during a JDBC connection to a MySQL database. This injected code can then be executed with the privileges of the Zeppelin user, granting the attacker the ability to read, modify, or delete sensitive data, execute system commands, and potentially gain persistent access to the system. The blast radius extends to any data accessible by the Zeppelin user and any systems reachable from the Zeppelin server. This vulnerability shares similarities with other JDBC injection vulnerabilities where improper input validation leads to code execution.
CVE-2024-31864 was publicly disclosed on April 9, 2024. The vulnerability is considered critical due to the ease of exploitation and the potential for significant impact. No public proof-of-concept (PoC) code has been publicly released as of this writing, but the vulnerability's nature suggests that PoCs are likely to emerge. It is not currently listed on the CISA KEV catalog, but its severity warrants monitoring. Exploitation probability is considered medium.
Exploit Status
EPSS
0.85% (75% percentile)
CVSS Vector
The primary mitigation for CVE-2024-31864 is to upgrade Apache Zeppelin to version 0.11.1 or later, which contains the fix. If upgrading immediately is not possible, consider implementing temporary workarounds. Restrict network access to the Zeppelin server to only trusted sources. Review and harden the permissions of the Zeppelin user account to minimize potential damage. Implement a Web Application Firewall (WAF) with rules to detect and block JDBC injection attempts. Monitor Zeppelin logs for suspicious activity, particularly related to JDBC connections and SQL queries. After upgrading, confirm the fix by attempting a JDBC connection with a known malicious payload and verifying that it is blocked.
Upgrade Apache Zeppelin to version 0.11.1 or higher. This version corrects the code injection vulnerability. See the release notes and upgrade instructions on the official Apache Zeppelin website.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-31864 is a critical Remote Code Execution vulnerability in Apache Zeppelin versions before 0.11.1. It allows attackers to inject malicious code via JDBC connections to MySQL databases, potentially taking control of the server.
You are affected if you are using Apache Zeppelin versions 0.9.0-preview2 or earlier and connecting to MySQL databases via JDBC. Upgrade to 0.11.1 to mitigate the risk.
The recommended fix is to upgrade Apache Zeppelin to version 0.11.1 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting network access and hardening user permissions.
While no public exploits have been confirmed, the vulnerability's severity and ease of exploitation suggest active exploitation is possible. Monitor your systems and logs for suspicious activity.
Refer to the Apache Zeppelin security page for the latest information and advisory: https://zeppelin.apache.org/security.html
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your pom.xml file and we'll tell you instantly if you're affected.