Apache · Apache Zeppelin · CVE-2021-28656
**Name of the Vulnerable Software and Affected Versions**
Apache Zeppelin versions 0.9.0 and prior versions
**Description**
A Cross-Site Request Forgery (CSRF) issue in the Credential page of Apache Zeppelin allows an attacker to submit malicious requests.
**Recommendations**
For Apache Zeppelin versions 0.9.0 and prior, consider disabling access to the Credential page until a fix is available.
Restrict access to the Credential page to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.