Vulnerability Details CVE-2024-41169
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.
This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.
Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2024-41169
-
cpe:2.3:a:apache:zeppelin:0.10.1
-
cpe:2.3:a:apache:zeppelin:0.11.0
-
cpe:2.3:a:apache:zeppelin:0.11.1
-
cpe:2.3:a:apache:zeppelin:0.11.2