Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2024-29070
HistoryJul 23, 2024 - 8:13 a.m.

CVE-2024-29070 Apache StreamPark: session not invalidated after logout

2024-07-2308:13:41
CWE-613
apache
www.cve.org
2
apache streampark
session
logout
cve-2024-29070

EPSS

0

Percentile

9.4%

JSON

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns “Authorization” as the front-end authentication credential. “Authorization” can still initiate requests and access data even after logout.

Mitigation:

all users should upgrade to 2.1.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache StreamPark",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.1.4",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Related

nvd 1
veracode 1
cve 1
vulnrichment 1
nvd
nvd
CVE-2024-29070
2024-07-23 09:15:02
veracode
veracode
Improper Authentication
2024-07-24 05:58:19
cve
cve
CVE-2024-29070
2024-07-23 09:15:02
vulnrichment
vulnrichment
CVE-2024-29070 Apache StreamPark: session not invalidated after logout
2024-07-23 08:13:41

EPSS

0

Percentile

9.4%

JSON
Related for CVELIST:CVE-2024-29070
nvd1veracode1cve1vulnrichment1