Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-pm73-x2h5-cmj3

Опубликовано: 23 июн. 2023
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Apache StreamPipes Improper Privilege Management vulnerability

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

Ссылки

Пакеты

Наименование

org.apache.streampipes:streampipes-parent

maven
Затронутые версииВерсия исправления

>= 0.69.0, < 0.92.0

0.92.0

EPSS

Процентиль: 27%
0.00097
Низкий

8.8 High

CVSS3

CVE ID

CVE-2023-31469

Дефекты

CWE-269

Связанные уязвимости

nvd логотип

CVE-2023-31469

CVSS3: 8.8
nvd
больше 2 лет назад

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

EPSS

Процентиль: 27%
0.00097
Низкий

8.8 High

CVSS3

CVE ID

CVE-2023-31469

Дефекты

CWE-269