Description
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.
This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.
Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
References
- Patch, Vendor Advisory
- Issue Tracking, Patch
- Issue Tracking, Mailing List, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 0.10.1 (inclusive) up to 0.12.0 (exclusive)
cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*
EPSS: 0.00045 (Low), percentile: 14%
CVSS3: 7.5 High
Weaknesses
CWE-664
Related vulnerabilities
CVSS3: 7.5
github
7 months ago
Apache Zeppelin exposes server resources to unauthenticated attackers