Apache StreamPipes Improper Privilege Management vulnerability

GHSA-pm73-x2h5-cmj3 · CVE-2023-31469

Published Jun 23, 2023 · Modified Feb 16, 2024

Description

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-31469
PACKAGE https://github.com/apache/streampipes
WEB https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes