CVE-2024-41169

Summary

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Zeppelin0.10.1 < 0.12.0affected

Weaknesses

  • CWE-664: CWE-664 Improper Control of a Resource Through its Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References