PT-2023-23347 · Apache · Apache Streampipes
Xun Bai · Published 2023-06-23 · Updated 2024-10-09 · CVE-2023-31469
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache StreamPipes versions 0.69.0 through 0.91.0
Description
A REST interface in Apache StreamPipes was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
Recommendations
For Apache StreamPipes versions 0.69.0 through 0.91.0, upgrade to StreamPipes 0.92.0 to resolve the issue. As a temporary workaround, consider restricting access to the REST interface to minimize the risk of exploitation.
Fix
Improper Privilege Management
Affected Products
Apache Streampipes