Apache StreamPipes potentially allows creation of multiple identical accounts

GHSA-2qph-v9p2-q2gv · CVE-2024-30471 · PYSEC-2024-172

Published Jul 17, 2024 · Modified Jan 21, 2025

Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration.
This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management.
This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-30471
PACKAGE https://github.com/apache/streampipes
WEB https://github.com/apache/streampipes/releases/tag/release%2F0.95.0
WEB https://github.com/pypa/advisory-database/tree/main/vulns/streampipes/PYSEC-2024-172.yaml
WEB https://lists.apache.org/thread/8yodrmohgcybq900or3d4hc1msl230fr
WEB http://www.openwall.com/lists/oss-security/2024/07/16/9

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes