CVE-2017-12619
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
Date published : 2019-04-23
http://www.securityfocus.com/bid/108050
https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html