• Apache Zeppelin Vulnerability + Metasploit

    May 2019
    Apache Zeppelin is a “Web-based notebook that enables data-driven, interactive data analytics and collaborative documents…” which is very similar to Jupyter notebook. Notebook servers offer polyglot Remote Code Execution (RCE) by design, so gaining access to one would make pwning the entire Hadoop cluster and all its data fairly simple…

[blog by caller] Correspondence welcome at ℬ㏒ {@} ㎈ℓℯℛ.ⓧⓨℤ