Cherry Li created ZEPPELIN-5624:
-----------------------------------

Summary: Arbitrary file deletion vulnerability
Key: ZEPPELIN-5624
URL: https://issues.apache.org/jira/browse/ZEPPELIN-5624
Project: Zeppelin
Issue Type: Bug
Components: security
Affects Versions: 0.10.0, 0.9.0
Reporter: Cherry Li
Attachments: [Hotfix]_Determine_the_legality_of_the_incoming_file_path.patch
I found a vulnerability in the Apache Zeppelin project (Unauthorized Level Vulnerability). By accessing

{code:java}
/api/interpreter/setting/..%2Flogs
{code}

you can delete the logs folder in the directory where the current project is located. If it is changed to

{code:java}
/api/interpreter/setting/..%2F..%2Fzeppelin
{code}

then you can delete the entire zeppelin application directory, including all configuration files, zeppelin main program files, etc.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
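The report describes a path traversal: a percent-encoded `..%2F` in the last segment of the route is decoded and joined onto a directory, so the delete lands outside the directory the endpoint was meant to manage. The check below is an added example written for this issue, not Zeppelin's code and not the attached patch; it is in Python rather than Zeppelin's Java so it can be run on its own. The route prefix `/api/interpreter/setting/` is taken from the report; the directory layout, the function names and the rule that a setting id must be a single path component are assumptions. The check decodes until the value is stable (so a double-encoded `%252F` is caught), rejects separators and dot segments, and then confirms that the resolved path is a direct child of the base directory before anything is removed.

```python
"""Added example (not Zeppelin's code): containment check for a path-derived id.

Route prefix comes from ZEPPELIN-5624; everything else is an assumption."""
import shutil
import tempfile
from pathlib import Path
from urllib.parse import unquote

ROUTE_PREFIX = "/api/interpreter/setting/"  # from the report


def fully_decode(segment: str) -> str:
    """Percent-decode until the value stops changing, so '%252F' ends up as '/'
    exactly like '%2F' does. Bounded so a hostile input cannot loop forever."""
    current = segment
    for _ in range(5):
        decoded = unquote(current)
        if decoded == current:
            return decoded
        current = decoded
    return current


def is_safe_setting_id(setting_id: str) -> bool:
    """A setting id (assumed rule) is one path component: non-empty, no '/' or '\\',
    no NUL byte, and not a dot segment. Checked after decoding, not before."""
    decoded = fully_decode(setting_id)
    if not decoded or decoded in (".", ".."):
        return False
    return not any(ch in decoded for ch in "/\\\x00")


def resolve_setting_path(setting_id: str, base_dir: Path) -> Path:
    """Map an id to base_dir/<id> and require the resolved path (symlinks followed)
    to be a direct child of the resolved base_dir; raise ValueError otherwise."""
    if not is_safe_setting_id(setting_id):
        raise ValueError(f"rejected setting id {setting_id!r}")
    base = base_dir.resolve()
    candidate = (base / fully_decode(setting_id)).resolve()
    if candidate.parent != base:
        raise ValueError(f"{setting_id!r} resolves outside {base}")
    return candidate


def handle_delete(request_path: str, base_dir: Path) -> str:
    """Hypothetical delete handler. Returns 'rejected', 'not found' or 'deleted'
    and only ever removes a direct child of base_dir."""
    if not request_path.startswith(ROUTE_PREFIX):
        return "rejected"
    raw_id = request_path[len(ROUTE_PREFIX):]
    try:
        target = resolve_setting_path(raw_id, base_dir)
    except ValueError:
        return "rejected"
    if not target.exists():
        return "not found"
    if target.is_dir():
        shutil.rmtree(target)
    else:
        target.unlink()
    return "deleted"


def demo() -> dict:
    """Constructed layout mirroring the report's relative paths:
    <tmp>/zeppelin/interpreter is the base, <tmp>/zeppelin/logs is its sibling,
    and '..%2F..%2Fzeppelin' would name the application directory itself."""
    root = Path(tempfile.mkdtemp())
    try:
        app = root / "zeppelin"
        base = app / "interpreter"
        base.mkdir(parents=True)
        (base / "spark").write_text("constructed setting")
        (app / "logs").mkdir()
        return {
            "logs_traversal": handle_delete(ROUTE_PREFIX + "..%2Flogs", base),
            "app_traversal": handle_delete(ROUTE_PREFIX + "..%2F..%2Fzeppelin", base),
            "double_encoded": handle_delete(ROUTE_PREFIX + "..%252Flogs", base),
            "legitimate": handle_delete(ROUTE_PREFIX + "spark", base),
            "logs_survived": (app / "logs").exists(),
            "app_survived": app.exists(),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the check runs on the decoded value, because a framework may hand the handler the segment still encoded, and the final containment test uses the resolved path rather than string prefix matching, so a symlink inside the base directory cannot redirect the delete either.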