exploitDog

CVE-2024-34457

Опубликовано: 22 июл. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.

Mitigation:

all users should upgrade to 2.1.4

Ссылки

https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j
Mailing List
Vendor Advisory
https://www.openwall.com/lists/oss-security/2024/07/22/2
http://www.openwall.com/lists/oss-security/2024/07/22/2
https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*

Версия до 2.1.4 (исключая)

EPSS

Процентиль: 42%

0.002

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

CWE-639

Связанные уязвимости

GHSA-j73p-gc9r-3pf8

CVSS3: 6.5

github

больше 1 года назад

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4

EPSS

Процентиль: 42%

0.002

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

CWE-639