CVE-2024-41169

CVE-2024-41169: Apache Zeppelin: raft directory listing and file read

Vendor Apache Software Foundation

Product Apache Zeppelin

Weakness CWE-664

Published July 12, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Key dates

Disclosure timeline

July 12, 2025 CVE published

November 4, 2025 Record updated