CVE-2024-41169

Source
https://cve.org/CVERecord?id=CVE-2024-41169
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41169.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41169
Aliases
Published
2025-07-12T16:22:35.724Z
Modified
2026-07-15T01:49:02.986537517Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Apache Zeppelin: raft directory listing and file read
Details

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Database specific
{
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-664"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41169.json"
}
References

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type
GIT
Repo
https://github.com/apache/zeppelin
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.10.1"
        },
        {
            "fixed": "0.12.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41169.json"