7.5

CVE-2024-41169

EPSS 0.04%
Published 12.07.2025 16:22:35
Last modified 29.07.2025 15:07:15
Source security@apache.org
Teams watchlist Login
Open Login

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Zeppelin Version >= 0.10.1 < 0.12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.12

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

https://github.com/apache/zeppelin/pull/4841

Patch

Vendor Advisory

https://issues.apache.org/jira/browse/ZEPPELIN-6101

Patch

Issue Tracking

https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd

Patch

Vendor Advisory

Mailing List

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-41169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41169

EUVD