5.4
CVE-2021-28656
- EPSS 0.48%
- Veröffentlicht 09.04.2024 10:15:07
- Zuletzt bearbeitet 05.05.2025 20:49:50
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Zeppelin: CSRF vulnerability in the Credentials page
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.377 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www.openwall.com/lists/oss-security/2024/04/09/3
https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc