Lucene search
HistoryJul 22, 2024 - 10:15 a.m.
CVE-2024-34457
user access
security vulnerability
version 2.1.4
authorization token
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.2%
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone’s user flink information, including executeSQL and config.
Mitigation:
all users should upgrade to 2.1.4
Affected configurations
Node
apachestreamparkRange<2.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | streampark | * | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-34457 Apache StreamPark IDOR Vulnerability
2024-07-22 09:48:23
cve
cve
CVE-2024-34457
2024-07-22 10:15:03
osv
osv
CVE-2024-34457
2024-07-22 10:15:03
cvelist
cvelist
CVE-2024-34457 Apache StreamPark IDOR Vulnerability
2024-07-22 09:48:23
veracode
veracode
Insecure Direct Object Reference (IDOR)
2024-07-23 06:29:02
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.2%
Related for NVD:CVE-2024-34457