CVE-2018-1317

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.
Source: NIST
CVE-2018-1317