Unauthenticated Resource Exposure in Apache Zeppelin by Apache
CVE-2024-41169
7.5HIGH
What is CVE-2024-41169?
An unauthenticated vulnerability exists in Apache Zeppelin, allowing attackers to exploit the raft server protocol. This vulnerability enables unauthorized access to server resources, including sensitive directories and files. Affected versions are from 0.10.1 to 0.12.0. Users are advised to upgrade to version 0.12.0, which mitigates the issue by eliminating the Cluster Interpreter, securing access to server resources.
Affected Version(s)
Apache Zeppelin 0.10.1 < 0.12.0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SuperX <[email protected]>