7.5

CVE-2024-41169

Apache Zeppelin: raft directory listing and file read

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheZeppelin Version >= 0.10.1 < 0.12.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.423
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

https://github.com/apache/zeppelin/pull/4841
Patch
Vendor Advisory
https://issues.apache.org/jira/browse/ZEPPELIN-6101
Patch
Issue Tracking
https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd
Patch
Vendor Advisory
Mailing List
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/07/13/1