CVE-2021-28656

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-28656

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28656.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-28656

Aliases

GHSA-prvg-rh5h-74jr

Published

2024-04-09T10:15:07.610Z

Modified

2026-03-14T10:50:28.509646Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

References

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type

GIT

Repo

https://github.com/apache/zeppelin

Events

Introduced

Last affected

ecc4455b1809c01cd17b542273be37fb1ebad8d4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.0"
        }
    ]
}

Affected versions

v0.*

v0.9.0-docker

v0.9.0-preview1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28656.json"