Missing Origin Validation Vulnerability in Apache Zeppelin by Apache
CVE-2024-51775

5.3 MEDIUM

Key Information:

Vendor: Apache

CVE Published: 3 August 2025

What is CVE-2024-51775?

Apache Zeppelin does not validate the origin of WebSocket connections. This flaw allows an attacker to access the Zeppelin server from unauthorized origins, potentially exposing sensitive internal information about paragraphs. Affected versions are Apache Zeppelin from 0.11.1 up to, but not including, 0.12.0. Users are advised to upgrade to version 0.12.0, which fixes the issue.

Affected Version(s)

Apache Zeppelin 0.11.1 < 0.12.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Calum Hutton