CVE-2021-28656 org.apache.zeppelin:zeppelin-web

Package

Manager: maven
Name: org.apache.zeppelin:zeppelin-web
Vulnerable Version: >=0 <=0.9.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01268 (percentile 0.78691)

Details

Apache Zeppelin CSRF vulnerability in the Credentials page

A Cross-Site Request Forgery (CSRF) vulnerability in the Credentials page of Apache Zeppelin allows an attacker to submit malicious requests. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

Metadata

Created: 2024-04-09T12:30:46Z
Modified: 2024-05-02T14:52:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-prvg-rh5h-74jr/GHSA-prvg-rh5h-74jr.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-prvg-rh5h-74jr
Finding: F007
Auto approve: 1