Apache Zeppelin Raft Protocol Unauthenticated Directory Listing Vulnerability

Vulnerability

An unauthenticated vulnerability in Apache Zeppelin versions 0.10.1 up to, but not including, 0.12.0 allows attackers to abuse the Raft server protocol. Because the Raft protocol permits access without authentication, an attacker can gain visibility into the server's resources, including directories and files, resulting in unauthorized resource enumeration.

Impact

Exploitation of this vulnerability allows for unauthorized directory and file access on the server.

Remediation

Users are advised to upgrade to Apache Zeppelin version 0.12.0, which addresses this vulnerability by removing the Cluster Interpreter, the component that uses the Raft server protocol.

Added: Jul 12, 2025, 5:20 PM
Updated: Jul 12, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm

category         score
spread           2.6
impact           0.6
exploitability   8.4
remediation      7.7
relevance        0.2
threat           3.2
urgency          2.9
incentive        10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.