CVE-2021-28656

2024-04-0910:15:07

CWE-352

apache

web.nvd.nist.gov

csrf

apache zeppelin

credential page

vulnerability

nvd

cve-2021-28656

security

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Affected configurations

Vulners

Node

apachezeppelinRange≤0.9.0

VendorProductVersionCPE
apachezeppelin*cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	zeppelin	*	cpe:2.3:a:apache:zeppelin::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Zeppelin",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.9.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]