oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read

From: PJ Fanning <fanningpj () apache org>
Date: Sat, 12 Jul 2025 16:06:43 +0000
Severity: moderate 

Affected versions:

- Apache Zeppelin (org.apache.zeppelin:zeppelin-server) 0.10.1 before 0.12.0

Description:

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, 
including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Credit:

SuperX <superxyyang () gmail com> (finder)

References:

https://github.com/apache/zeppelin/pull/4841
https://zeppelin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-41169
Previous By Date Next
Previous By Thread Next

Current thread: