CVE-2024-41169

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...

EUVD-2024-54778

Malicious code in bioql PyPI...

Improper Access Control

org.apache.zeppelin, zeppelin-server, interpreter is vulnerable to Improper Access Control. The vulnerability is due to the raft server protocol being accessible without authentication, which allows an attacker to view server resources including directories and files...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive server resources, including directories and files, by sending unauthenticated requests. Remediatio...

CVE-2024-41169

The CVE concerns Apache Zeppelin (versions 0.10.1–0.12.0) where an unauthenticated raft server protocol can expose server resources, including directories and files. Root cause details in connected data indicate the raft-enabled components allow unauthenticated access, enabling an attacker to vie...

PT-2025-29332 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.10.1 through 0.12.0 Description: An attacker can utilize the raft server protocol without authentication, enabling access to server resources, including directories and files. Recommendations: Upgrade to version...