Apache Zeppelin CSRF Vulnerability Allows Malicious Request Submission
CVE-2021-28656
Currently unrated
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the credential management page of Apache Zeppelin. It lets attackers forge requests that compromise user credentials, potentially allowing unauthorized actions on the server. Apache Zeppelin 0.9.0 and earlier versions are affected, because they may not adequately validate the authenticity of requests. Organizations running this product should implement security measures to safeguard against such attacks.
Affected Version(s)
Apache Zeppelin: versions up to and including 0.9.0
References
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jiang Qingzhi