CVE-2024-41169

high

Description

An attacker can use the Raft server protocol without authentication and view the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

References

https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd

https://issues.apache.org/jira/browse/ZEPPELIN-6101

https://github.com/apache/zeppelin/pull/4841

Details

Source: Mitre, NVD

Published: 2025-07-12

Updated: 2025-07-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00017