CVE-2021-28656

Description

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Apache Software Foundation / Apache Zeppelin0 – 0.9.0

References

MAILING_LISThttps://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/04/09/3