CVE-2017-12619
Description
Apache Zeppelin before 0.7.3 had a session fixation vulnerability allowing session hijacking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Description
Apache Zeppelin prior to version 0.7.3 was vulnerable to session fixation [1][2]. The application did not issue a new session identifier after a successful authentication, so a session ID that existed before login stayed valid afterwards. An attacker who already knows the identifier a victim will be carrying when the victim logs in can therefore reuse that identifier as the victim's authenticated session.
Exploitation
Session fixation only works if the server accepts a session identifier the client presents instead of insisting on one it generated itself, and then keeps that identifier across login. Under that condition, an attacker can craft a link that carries a predetermined session ID and entice the victim to open it [2]. If the victim authenticates while holding that ID, the attacker presents the same ID to the Zeppelin instance and is treated as the victim, without ever seeing the victim's credentials.
Impact
Successful exploitation gives the attacker the victim's authenticated session and, with it, the victim's privileges in Zeppelin: viewing or modifying notebooks, configurations and other sensitive data [1].
Mitigation
The issue was fixed in Apache Zeppelin 0.7.3, released in September 2017 [3]. Users should upgrade to 0.7.3 or later. A simple check after upgrading is to compare the session cookie before and after a login: the fix is in place if the identifier changes and the pre-login value is no longer accepted.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
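The check described above, written out as an added example that is not Zeppelin's code and is not taken from the cited references: a Python probe a tester can point at a login endpoint to see whether a session identifier chosen before authentication is still honoured afterwards. To keep it runnable offline, it is exercised against two toy servers that stand in for the vulnerable behaviour (the pre-login ID is kept and promoted to authenticated) and the fixed behaviour (a fresh server-chosen ID is issued at login and the old one is invalidated). The cookie name JSESSIONID, the form fields on /api/login, the /api/whoami endpoint and the credentials are assumptions made for this example.

```python
"""Session-fixation probe and two toy session stores (added example)."""
import http.cookies
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "JSESSIONID"        # assumed session cookie name
LOGIN_PATH = "/api/login"    # assumed login endpoint
WHOAMI_PATH = "/api/whoami"  # hypothetical authenticated endpoint
CREDS = {"alice": "s3cret"}  # constructed sample credentials


def make_handler(sessions, regenerate_on_login):
    """Request handler over a shared dict of session ID -> username."""

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *_):  # silence per-request logging
            pass

        def _client_sid(self):
            jar = http.cookies.SimpleCookie(self.headers.get("Cookie", ""))
            return jar[COOKIE].value if COOKIE in jar else None

        def _reply(self, status, body, sid=None):
            self.send_response(status)
            if sid is not None:
                self.send_header("Set-Cookie", f"{COOKIE}={sid}; Path=/; HttpOnly")
            self.end_headers()
            self.wfile.write(body.encode())

        def do_POST(self):
            if self.path != LOGIN_PATH:
                return self._reply(404, "not found")
            length = int(self.headers.get("Content-Length", 0))
            form = urllib.parse.parse_qs(self.rfile.read(length).decode())
            user = form.get("userName", [""])[0]
            if CREDS.get(user) != form.get("password", [""])[0]:
                return self._reply(401, "bad credentials")
            presented = self._client_sid()
            if regenerate_on_login or presented is None:
                # Fixed behaviour: drop the pre-auth session, mint a fresh ID.
                sessions.pop(presented, None)
                sid = secrets.token_urlsafe(24)
            else:
                # Vulnerable behaviour (CVE-2017-12619 pattern): the ID the
                # client showed up with is kept and promoted to authenticated.
                sid = presented
            sessions[sid] = user
            self._reply(200, "ok", sid=sid)

        def do_GET(self):
            if self.path != WHOAMI_PATH:
                return self._reply(404, "not found")
            user = sessions.get(self._client_sid())
            if user is None:
                return self._reply(401, "unauthenticated")
            self._reply(200, user)

    return Handler


def start_server(regenerate_on_login):
    """Serve a toy instance on a free loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), make_handler({}, regenerate_on_login))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def _request(url, sid, data=None):
    """GET (or POST when data is given) carrying a chosen session cookie."""
    req = urllib.request.Request(url, data=data, headers={"Cookie": f"{COOKIE}={sid}"},
                                 method="POST" if data is not None else "GET")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def probe_session_fixation(base_url, user, password):
    """True if a session ID chosen before login is still valid after it.

    1. The attacker picks an ID and gets it onto the victim's browser.
    2. The victim authenticates while presenting that ID.
    3. The attacker replays the same ID against an authenticated endpoint.
    """
    fixed_sid = "attacker-chosen-" + secrets.token_hex(8)
    body = urllib.parse.urlencode({"userName": user, "password": password}).encode()
    status = _request(base_url + LOGIN_PATH, fixed_sid, data=body)
    if status != 200:
        raise RuntimeError(f"login failed with HTTP {status}")
    return _request(base_url + WHOAMI_PATH, fixed_sid) == 200


if __name__ == "__main__":
    for label, regenerate in (("vulnerable", False), ("fixed", True)):
        server, url = start_server(regenerate)
        print(f"{label}: session fixable = {probe_session_fixation(url, 'alice', 's3cret')}")
        server.shutdown()
        server.server_close()
```

Pointing probe_session_fixation at a real instance means replacing the assumed constants with the target's cookie name, login path and an endpoint that requires authentication. A True result means an identifier fixed before login is still accepted afterwards, which is exactly the condition the 0.7.3 fix removes. Note that the fixed toy server not only rotates the ID but also deletes the pre-login entry, so the attacker's copy is rejected outright rather than left as an anonymous session.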
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.apache.zeppelin:zeppelin | Maven | < 0.7.3 | 0.7.3 |
Affected products: 2
Patches: 0 (no patches discovered yet)
References
- https://github.com/advisories/GHSA-c538-924g-99q4 (GitHub Security Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2017-12619 (NVD entry)
- https://www.openwall.com/lists/oss-security/2019/04/23/1 (oss-security mailing list)
- https://www.securityfocus.com/bid/108050 (SecurityFocus BID 108050)
- https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06@%3Cusers.zeppelin.apache.org%3E (announcement on users@zeppelin.apache.org)
- https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html (Apache Zeppelin 0.7.3 release notes)