CVE-2024-8642

🗓️ 11 Sep 2024 13:34:28Reported by eclipseType

In Eclipse Dataspace Components, failure to validate ConsumerPullTransferToken can allow bypassing token expiration chec

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-8642	11 Sep 202417:00	–	circl
CNNVD	Eclipse Dataspace Components 安全漏洞	11 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied	11 Sep 202413:34	–	cvelist
EUVD	EUVD-2024-2751	3 Oct 202520:07	–	euvd
Github Security Blog	Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit	11 Sep 202415:31	–	github
NVD	CVE-2024-8642	11 Sep 202414:15	–	nvd
OSV	GHSA-8259-2X72-2GVC Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit	11 Sep 202415:31	–	osv
Positive Technologies	PT-2024-7968 · Eclipse · Eclipse Dataspace Components	11 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8642	23 May 202510:32	–	redhatcve
Veracode	Authentication Bypass	12 Sep 202410:19	–	veracode

NVD

Node

eclipse eclipse_dataspace_componentsRange0.5.0–0.9.0

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2/",
    "defaultStatus": "unaffected",
    "modules": [
      "transfer-data-plane"
    ],
    "packageName": "org.eclipse.edc:transfer-data-plane",
    "product": "Eclipse EDC Connector",
    "repo": "https://github.com/eclipse-edc/Connector",
    "vendor": "Eclipse Foundation",
    "versions": [
      {
        "lessThan": "0.9.0",
        "status": "affected",
        "version": "0.5.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/234
gitlab	www.gitlab.eclipse.org/security/cve-assignement/-/issues/28
github	www.github.com/eclipse-edc/Connector/releases/tag/v0.9.0
github	www.github.com/eclipse-edc/Connector/commit/04899e91dcdb4a407db4eb7af3e7b6ff9a9e9ad6

29 Apr 2026 01:00Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18.1

CVSS 45

EPSS0.00115

SSVC

eclipse dataspace components consumerpulltransfertokenvalidationapicontroller token validity dataplane http proxy consumer pull transfer-data-plane deprecated code dataplane signaling cve-2024-8642