CVE-2021-28656 Apache Zeppelin: CSRF vulnerability in the Credentials page

2024-04-0909:12:58

CWE-352

apache

www.cve.org

apache zeppelin

csrf

vulnerability

cve-2021-28656

credentials page

cross-site request forgery

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Zeppelin",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.9.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]