You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@streampipes.apache.org by Dominik Riemer <ri...@apache.org> on 2023/06/22 20:12:03 UTC
CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user
Severity: important
Affected versions:
- Apache StreamPipes 0.69.0 through 0.91.0
Description:
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
Credit:
Xun Bai, LJQC Open Source Security Institute (finder)
References:
https://streampipes.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-31469