Vulnerability Description
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Zeppelin | >= 0.10.1, < 0.12.0 |
Related Weaknesses (CWE)
References
- https://github.com/apache/zeppelin/pull/4841 (Patch, Vendor Advisory)
- https://issues.apache.org/jira/browse/ZEPPELIN-6101 (Issue Tracking, Patch)
- https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd (Issue Tracking, Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2025/07/13/1
FAQ
What is CVE-2024-41169?
CVE-2024-41169 is a vulnerability with a CVSS score of 7.5 (HIGH). The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 ...
How severe is CVE-2024-41169?
CVE-2024-41169 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-41169?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Zeppelin.