Platform: java
Component: org.apache.zeppelin:zeppelin-jdbc
Fixed in: 0.11.1
CVE-2024-31864 is a critical Remote Code Execution (RCE) vulnerability affecting Apache Zeppelin, specifically its JDBC driver. This vulnerability allows attackers to inject malicious code when connecting to MySQL databases, potentially leading to complete system takeover. The issue impacts versions of Zeppelin prior to 0.11.1, and a fix is available in version 0.11.1.
The impact of CVE-2024-31864 is severe. An attacker exploiting this vulnerability can inject arbitrary code into the Zeppelin server's execution context during a JDBC connection to a MySQL database. This injected code can then be executed with the privileges of the Zeppelin user, granting the attacker the ability to read, modify, or delete sensitive data, execute system commands, and potentially gain persistent access to the system. The blast radius extends to any data accessible by the Zeppelin user and any systems reachable from the Zeppelin server. This vulnerability shares similarities with other JDBC injection vulnerabilities where improper input validation leads to code execution.
CVE-2024-31864 was publicly disclosed on April 9, 2024. The vulnerability is considered critical due to the ease of exploitation and the potential for significant impact. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature suggests that PoCs are likely to emerge. It is not currently listed on the CISA KEV catalog, but its severity warrants monitoring. Exploitation probability is considered medium.
Organizations using Apache Zeppelin to connect to MySQL databases are at risk, particularly those running versions prior to 0.11.1. Environments with sensitive data stored in MySQL databases are especially vulnerable. Shared hosting environments where multiple users share a Zeppelin instance are also at increased risk.
• linux / server: journalctl -u zeppelin | grep -i "jdbc:mysql:"
• java / supply-chain: Inspect Zeppelin's dependencies for vulnerable versions of the JDBC driver. Use a dependency scanning tool to identify outdated libraries.
• generic web: Monitor Zeppelin logs for unusual JDBC connection attempts or SQL queries. Look for patterns indicative of code injection.
• database (mysql): Review MySQL audit logs for connections originating from the Zeppelin server and examine the executed queries for suspicious commands.
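The supply-chain and log checks above, as an added example that is not part of this advisory: it flags org.apache.zeppelin:zeppelin-jdbc entries below the fixed version 0.11.1 in `mvn dependency:list` output and pulls jdbc:mysql: URLs out of journal lines for review. The dependency listing and the log lines are constructed sample input.

```python
import re
from typing import List, Tuple

# Affected component and fixing version, as stated in the advisory.
COMPONENT = "org.apache.zeppelin:zeppelin-jdbc"
FIXED_IN = "0.11.1"

# mvn dependency:list prints "groupId:artifactId:type:version:scope" per resolved artifact.
DEP_LINE = re.compile(r"([\w.\-]+):([\w.\-]+):(?:jar|pom|war):([\w.\-]+):\w+")
JDBC_MYSQL = re.compile(r"jdbc:mysql:\S+")


def parse_version(v: str) -> Tuple[tuple, int, str]:
    """Turn '0.9.0-preview2' into ((0, 9, 0), 0, 'preview2').

    A release gets flag 1, a pre-release flag 0, so '0.11.1-rc1' sorts below '0.11.1'.
    """
    core, _, pre = v.partition("-")
    nums = tuple(int(x) for x in core.split("."))
    return (nums, 0 if pre else 1, pre)


def is_affected(version: str, fixed_in: str = FIXED_IN) -> bool:
    """True when the component version predates the fix."""
    return parse_version(version) < parse_version(fixed_in)


def find_vulnerable_deps(dependency_list_output: str) -> List[Tuple[str, str]]:
    """Return (coordinate, version) for every affected zeppelin-jdbc artifact in the listing."""
    hits = []
    for line in dependency_list_output.splitlines():
        m = DEP_LINE.search(line)
        if m and f"{m.group(1)}:{m.group(2)}" == COMPONENT and is_affected(m.group(3)):
            hits.append((COMPONENT, m.group(3)))
    return hits


def mysql_jdbc_urls(log_text: str) -> List[str]:
    """Same idea as the journalctl grep: collect MySQL JDBC URLs for analyst review."""
    return JDBC_MYSQL.findall(log_text)


# Constructed sample data (not real systems).
SAMPLE_DEPS = """[INFO] The following files have been resolved:
[INFO]    org.apache.zeppelin:zeppelin-jdbc:jar:0.10.1:compile
[INFO]    org.apache.zeppelin:zeppelin-interpreter:jar:0.10.1:compile
[INFO]    mysql:mysql-connector-java:jar:8.0.33:compile
"""
SAMPLE_LOG = """Apr 10 12:00:01 zep1 zeppelin[1234]: INFO JDBCInterpreter: Connecting to jdbc:mysql://db.internal:3306/analytics
Apr 10 12:00:05 zep1 zeppelin[1234]: INFO JDBCInterpreter: Connecting to jdbc:postgresql://pg.internal:5432/reports
"""
```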
Disclosure
Exploit status
EPSS: 0.85% (75th percentile)
CVSS vector
The primary mitigation for CVE-2024-31864 is to upgrade Apache Zeppelin to version 0.11.1 or later, which contains the fix. If upgrading immediately is not possible, consider implementing temporary workarounds. Restrict network access to the Zeppelin server to only trusted sources. Review and harden the permissions of the Zeppelin user account to minimize potential damage. Implement a Web Application Firewall (WAF) with rules to detect and block JDBC injection attempts. Monitor Zeppelin logs for suspicious activity, particularly related to JDBC connections and SQL queries. After upgrading, confirm the fix by attempting a JDBC connection with a known malicious payload and verifying that it is blocked.
Update Apache Zeppelin to version 0.11.1 or higher. This version fixes the code injection vulnerability. See the release notes and update instructions on the official Apache Zeppelin website.
CVE-2024-31864 is a critical Remote Code Execution vulnerability in Apache Zeppelin versions before 0.11.1. It allows attackers to inject malicious code via JDBC connections to MySQL databases, potentially taking control of the server.
You are affected if you are using Apache Zeppelin versions 0.9.0-preview2 or earlier and connecting to MySQL databases via JDBC. Upgrade to 0.11.1 to mitigate the risk.
The recommended fix is to upgrade Apache Zeppelin to version 0.11.1 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting network access and hardening user permissions.
While no public exploits have been confirmed, the vulnerability's severity and ease of exploitation suggest active exploitation is possible. Monitor your systems and logs for suspicious activity.
Refer to the Apache Zeppelin security page for the latest information and advisory: https://zeppelin.apache.org/security.html