CVE-2024-31979

2024-07-1709:15:02

CWE-918

apache

web.nvd.nist.gov

cve-2024-31979

apache streampipes

ssrf

installation process

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.
Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements.
These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address.
This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

apachestreampipesRange<0.95.0

VendorProductVersionCPE
apachestreampipes*cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	streampipes	*	cpe:2.3:a:apache:streampipes::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache StreamPipes",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.93.0",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]