PT-2024-24331 · Apache · Apache StreamPipes
L0Ne1Y · Published 2024-07-17 · Updated 2024-08-01 · CVE-2024-31979
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache StreamPipes versions through 0.93.0
Description
A Server-Side Request Forgery (SSRF) issue exists in Apache StreamPipes during the installation process of pipeline elements. The software allowed users to configure custom endpoints for installing additional pipeline elements, but these endpoints were not properly validated. This allowed an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address.
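The kind of endpoint validation whose absence the description refers to can be sketched as follows. This is an added example, not StreamPipes code and not the fix shipped in 0.95.0; the host allowlist, the function names and the sample host names and DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolve(host, port):
    """Return every IP address the operating system resolves for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def check_endpoint(url, allowed_hosts, resolve=system_resolve):
    """Return (ok, reason) for a user-configured installation endpoint."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname or ""
    if host not in allowed_hosts:
        return False, "host not on allowlist"
    try:
        addresses = resolve(host, port)
    except OSError:
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    # Every address must be public: an allowlisted name can still point inward.
    for address in addresses:
        ip = ipaddress.ip_address(address.split("%")[0])
        if not ip.is_global:
            return False, f"resolves to non-public address {ip}"
    return True, "ok"

# Constructed sample data: hypothetical host names and a stand-in DNS table.
SAMPLE_ALLOWLIST = {"elements.example.org", "mirror.example.org"}
SAMPLE_DNS = {
    "elements.example.org": ["93.184.216.34"],
    "mirror.example.org": ["93.184.216.34", "169.254.169.254"],
}

def sample_resolve(host, port):
    """Offline resolver backed by the constructed table above."""
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    for url in ("https://elements.example.org/install", "http://mirror.example.org/install"):
        print(url, check_endpoint(url, SAMPLE_ALLOWLIST, sample_resolve))
```

The server should then connect to the address it validated and refuse HTTP redirects, so that the request cannot end up somewhere other than the endpoint that passed the check.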
Recommendations
For Apache StreamPipes versions through 0.93.0, upgrade to version 0.95.0, which fixes the issue.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Apache StreamPipes