Lucene search
ApacheCVELIST:CVE-2023-31469HistoryJun 23, 2023 - 7:07 a.m.
CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user
2023-06-2307:07:42
CWE-269
apache
www.cve.org
1
apache streampipes
privilege escalation
rest interface
version 0.69.0
version 0.91.0
version 0.92.0
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache StreamPipes",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "0.91.0",
"status": "affected",
"version": "0.69.0",
"versionType": "maven"
}
]
}
]Related
github
github
Apache StreamPipes Improper Privilege Management vulnerability
2023-06-23 09:30:17
cnvd
cnvd
Apache StreamPipes Elevation of Privilege Vulnerability
2023-06-27 00:00:00
osv
osv
CVE-2023-31469
2023-06-23 08:15:09
Apache StreamPipes Improper Privilege Management vulnerability
2023-06-23 09:30:17
cve
cve
CVE-2023-31469
2023-06-23 08:15:09
veracode
veracode
Improper Privilege Management
2023-06-27 06:22:37
prion
prion
Cross site request forgery (csrf)
2023-06-23 08:15:00
nvd
nvd
CVE-2023-31469
2023-06-23 08:15:09