PT-2024-5227 · Apache · Apache StreamPipes
Tonynt · Published 2024-07-16 · Updated 2024-08-01 · CVE-2024-30471
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Apache StreamPipes versions through 0.93.0
Description:
A Time-of-check Time-of-use (TOCTOU) race condition exists in the user self-registration component of Apache StreamPipes. A remote attacker can potentially exploit it to create multiple accounts with the same email address, which corrupts StreamPipes' user management and disrupts the user management process.
Recommendations:
Upgrade to version 0.95.0 to fix the issue.
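The check-then-insert pattern behind this class of bug, shown beside its atomic form, as an added illustration that is not StreamPipes code. All class and function names are hypothetical, the in-memory list stands in for a user store, and a barrier is used only to make the normally timing-dependent race window reproducible; `duplicate_emails` is an audit helper for spotting accounts that already share an address.

```python
import threading
from collections import Counter

class CheckThenInsertRegistry:
    """Vulnerable pattern: the uniqueness check and the insert are separate steps."""
    def __init__(self):
        self.emails = []                      # constructed stand-in for the user store
        # Holds both requests between check and insert so the race is deterministic.
        self._window = threading.Barrier(2)

    def register(self, email):
        if email.lower() in self.emails:      # time of check
            return False
        self._window.wait(timeout=5)          # another request passes the same check here
        self.emails.append(email.lower())     # time of use
        return True

class AtomicRegistry:
    """Hardened pattern: check and insert form one critical section.
    In a real datastore the equivalent is a unique constraint or put-if-absent."""
    def __init__(self):
        self.emails = []
        self._lock = threading.Lock()

    def register(self, email):
        with self._lock:
            if email.lower() in self.emails:
                return False
            self.emails.append(email.lower())
            return True

def register_concurrently(registry, email, requests=2):
    """Submit simultaneous sign-ups for one address; return how many succeeded."""
    outcomes = []
    def worker():
        outcomes.append(registry.register(email))
    threads = [threading.Thread(target=worker) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(outcomes)

def duplicate_emails(emails):
    """Audit helper: addresses that appear on more than one account."""
    counts = Counter(e.lower() for e in emails)
    return sorted(e for e, n in counts.items() if n > 1)
```

Running `duplicate_emails` over an export of existing account addresses is a quick way to check whether a user store already contains the duplicates this issue can produce.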
Fix
Time Of Check To Time Of Use
Affected Products
Apache StreamPipes