<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2021-28656: Apache Zeppelin: CSRF vulnerability in the Credentials page
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Jongyoul Lee <jongyoul () apache org>
Date: Tue, 09 Apr 2024 02:10:27 +0000
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Severity: low
Affected versions:
- Apache Zeppelin through 0.9.0
Description:
Cross-Site Request Forgery (CSRF) vulnerability in the Credential page of Apache Zeppelin allows an attacker to submit
a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
Credit:
Jiang Qingzhi (finder)
References:
https://zeppelin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2021-28656
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->