CVE-2017-12619

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

Date published : 2019-04-23

http://www.securityfocus.com/bid/108050

https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html