PT-2024-10914 · Apache · Apache Zeppelin
Jiang Qingzhi · Published 2024-04-09 · Updated 2025-05-05 · CVE-2021-28656
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Zeppelin versions 0.9.0 and prior
Description
A Cross-Site Request Forgery (CSRF) issue in the Credential page of Apache Zeppelin allows an attacker to submit malicious requests.
Recommendations
For Apache Zeppelin versions 0.9.0 and prior, consider disabling access to the Credential page until a fix is available.
Restrict access to the Credential page to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Affected Products
Apache Zeppelin