Unauthenticated Resource Exposure in Apache Zeppelin by Apache
CVE-2024-41169

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Zeppelin
Vendor: CVE Published:; 12 July 2025

What is CVE-2024-41169?

An unauthenticated vulnerability exists in Apache Zeppelin, allowing attackers to exploit the raft server protocol. This vulnerability enables unauthorized access to server resources, including sensitive directories and files. Affected versions are from 0.10.1 to 0.12.0. Users are advised to upgrade to version 0.12.0, which mitigates the issue by eliminating the Cluster Interpreter, securing access to server resources.

Affected Version(s)

Apache Zeppelin 0.10.1 < 0.12.0

References

https://github.com/apache/zeppelin/pull/4841

patch

https://issues.apache.org/jira/browse/ZEPPELIN-6101

issue-tracking

https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Jul 17, 2024

Credit

SuperX <[email protected]>