7.5

CVE-2024-41169

EPSS 0.05%
Veröffentlicht 12.07.2025 16:22:35
Zuletzt bearbeitet 04.11.2025 22:16:02
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Zeppelin Version >= 0.10.1 < 0.12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

https://github.com/apache/zeppelin/pull/4841

Patch

Vendor Advisory

https://issues.apache.org/jira/browse/ZEPPELIN-6101

Patch

Issue Tracking

https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd

Patch

Vendor Advisory

Mailing List

Issue Tracking

http://www.openwall.com/lists/oss-security/2025/07/13/1

https://nvd.nist.gov/vuln/detail/CVE-2024-41169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41169

EUVD