CNNVD-202507-1741 Information
CNNVD ID
CNNVD-202507-1741
Related CVE
- CNNVD Published: 2025-07-12
Description (Chinese)
Apache Zeppelin是美国阿帕奇(Apache)基金会的一款基于Web的开源笔记本应用程序。该程序支持交互式数据分析和协作文档。 Apache Zeppelin 0.10.1至0.12.0版本存在安全漏洞,该漏洞源于攻击者可未经验证使用raft服务器协议查看服务器资源。
Description (English)
Apache Zeppelin is a Web-based open-source laptop application of the Apache Foundation in the United States. This program supports interactive data analysis and collaborative documentation. There is a security loophole in Appache Zeppelin versions 0.10.1 to 0.12.0, which stems from the fact that the attackers have access to server resources without certification using the raft server protocol.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-07-12
Last Modified
2026-02-24
References
https://github.com/apache/zeppelin/pull/4841 https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd https://issues.apache.org/jira/browse/ZEPPELIN-6101 https://access.redhat.com/security/cve/cve-2024-41169
Patch
https://zeppelin.apache.org/download.html
Share on: