A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 09 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-10-09T15:11:39.555Z

Reserved: 2023-04-28T19:12:18.352Z

Link: CVE-2023-31469

cve-icon Vulnrichment

Updated: 2024-08-02T14:53:30.748Z

cve-icon NVD

Status : Modified

Published: 2023-06-23T08:15:09.220

Modified: 2024-11-21T08:01:55.840

Link: CVE-2023-31469

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.