PT-2022-6585 · Apache · Apache Streampark

Huajie Wang · Published 2022-11-23 · Updated 2023-05-09

CVE-2022-45801

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 1.0.0 up to, but not including, 2.0.0 (2.0.0 is the fixed release).

Description: The LDAP login path of Apache StreamPark builds an LDAP statement from user-supplied input without neutralizing the characters that carry meaning in LDAP filter syntax. As with SQL injection, an attacker who controls that input can change the structure of the statement rather than only the value being compared: for example, appending filter terms that match every entry so that the query returns, or grants access on behalf of, entries the caller was not authorized for, or, depending on the operations the application performs with the result, modifying content inside the LDAP tree. The issue is reachable only when authentication is performed against LDAP; the local username-and-password login is not affected.

Recommendations: Upgrade affected installations (1.0.0 up to 2.0.0) to Apache StreamPark 2.0.0 or later, which resolves the issue. Until the upgrade is applied, disable or restrict access to LDAP login and rely on the local username-and-password login, and limit which networks can reach the login endpoint. Where LDAP login must stay enabled, reviewing the LDAP server's search logs for filters whose username value contains unexpected `*`, `(`, `)` or `\` characters is a cheap way to spot attempts.

Fix

Weakness Enumeration: Special Elements Injection

Related Identifiers: BDU:2023-02621, CVE-2022-45801, GHSA-PJFJ-QVQW-3F6V

Affected Products: Apache Streampark