Zeppelin

4 CVEs product

Monthly

CVE-2024-51775 MEDIUM PATCH This Month

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Zeppelin
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.1%
CVE-2024-52279 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Zeppelin
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.3%
CVE-2024-41177 MEDIUM POC PATCH This Month

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin.12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache XSS Zeppelin
NVD GitHub
CVSS 3.1: 6.1
EPSS: 0.2%
CVE-2024-41169 HIGH PATCH This Week

CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.

Apache Information Disclosure Authentication Bypass Zeppelin
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
