Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wcnZnLXJoNWgtNzRqcs4AA6vx
Apache Zeppelin CSRF vulnerability in the Credentials page
Cross-Site Request Forgery (CSRF) vulnerability in the Credentials page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
Permalink: https://github.com/advisories/GHSA-prvg-rh5h-74jr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcnZnLXJoNWgtNzRqcs4AA6vx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 7 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-prvg-rh5h-74jr, CVE-2021-28656
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-28656
- https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc
- http://www.openwall.com/lists/oss-security/2024/04/09/3
- https://github.com/advisories/GHSA-prvg-rh5h-74jr
Affected Packages
maven:org.apache.zeppelin:zeppelin-web
Dependent packages: 0
Dependent repositories: 51
Downloads:
Affected Version Ranges: <= 0.9.0
No known fixed version
All affected versions: 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.9.0