PRP: Apache Zeppelin None RCE

[joernNNN]

• Identifier of the vulnerability: None
• Affected software: Apache Zeppelin
• Type of vulnerability: RCE
• Requires authentication: No
• Language you would use for writing the plugin: Templated plugins
• Resources: https://zeppelin.apache.org/docs/0.12.0/usage/rest_api/notebook#add-cron-job

I already uploaded the testbed in here: google/security-testbeds#155

[github-actions]

This issue has been put in your contributor queue. This usually
means that you already are working on a contribution and the
panel is waiting for your other contributions to be fully
merged.

An issue in your queue is not pre-approved. Any issue that is
not explicitely approved by the panel will not be eligible for
a reward.

Unless there is an emergency, an issue in your queue cannot be
claimed by another contributor.

~The Tsunami PRP team