GHSA-prvg-rh5h-74jr

Suggest an improvement
Source
https://github.com/advisories/GHSA-prvg-rh5h-74jr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-prvg-rh5h-74jr/GHSA-prvg-rh5h-74jr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-prvg-rh5h-74jr
Aliases
Published
2024-04-09T12:30:46Z
Modified
2024-05-02T15:01:02.691775Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Apache Zeppelin CSRF vulnerability in the Credentials page
Details

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Database specific 
{
    "nvd_published_at": "2024-04-09T10:15:07Z",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-09T16:23:03Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE"
}
References

Affected packages

Maven / org.apache.zeppelin:zeppelin-web

Package

Name
org.apache.zeppelin:zeppelin-web
View open source insights on deps.dev
Purl
pkg:maven/org.apache.zeppelin/zeppelin-web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.9.0

Affected versions

0.*

0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.9.0