A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
[
{
"defaultStatus": "unaffected",
"product": "Apache StreamPipes",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "0.91.0",
"status": "affected",
"version": "0.69.0",
"versionType": "maven"
}
]
}
]