Lucene search
ApacheCVE-2024-34457HistoryJul 22, 2024 - 10:15 a.m.
CVE-2024-34457
2024-07-2210:15:03
CWE-639
apache
web.nvd.nist.gov
31
vulnerability
user access
authorization token
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.2%
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone’s user flink information, including executeSQL and config.
Mitigation:
all users should upgrade to 2.1.4
Affected configurations
Node
apachestreamparkRange<2.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | streampark | * | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache StreamPark",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-34457 Apache StreamPark IDOR Vulnerability
2024-07-22 09:48:23
osv
osv
CVE-2024-34457
2024-07-22 10:15:03
nvd
nvd
CVE-2024-34457
2024-07-22 10:15:03
cvelist
cvelist
CVE-2024-34457 Apache StreamPark IDOR Vulnerability
2024-07-22 09:48:23
veracode
veracode
Insecure Direct Object Reference (IDOR)
2024-07-23 06:29:02
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.2%
Related for CVE-2024-34457