{"schema_version": "1.6.1", "id": "CVE-2024-41169", "summary": "raft directory listing and file read", "details": "The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.\n\nThis issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.\n\nUsers are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.10.1"}, {"fixed": "0.12.0"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/zeppelin/pull/4841"}, {"type": "REPORT", "url": "https://issues.apache.org/jira/browse/ZEPPELIN-6101"}, {"type": "WEB", "url": "https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd"}]}