Lucene search
ApacheCVELIST:CVE-2024-29868HistoryJun 24, 2024 - 9:59 a.m.
CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
2024-06-2409:59:39
CWE-338
apache
www.cve.org
11
apache streampipes
cryptographically weak prng
recovery token
user account'https://nvd.nist.gov/vuln/detail/cve-2024-29868'
'apache streampipes'
'cryptographically weak prng'
'recovery token'
'user account'
'vulnerability'
'upgrade'
0.0004 Low
EPSS
Percentile
9.1%
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user’s account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "streampipes-user-management",
"product": "Apache StreamPipes",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "0.93.0",
"status": "affected",
"version": "0.69.0",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "streampipes-model",
"product": "Apache StreamPipes",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "0.93.0",
"status": "affected",
"version": "0.69.0",
"versionType": "maven"
}
]
}
]Related
cve
cve
CVE-2024-29868
2024-06-24 10:15:09
nvd
nvd
CVE-2024-29868
2024-06-24 10:15:09
vulnrichment
vulnrichment
githubexploit
githubexploit
Exploit for CVE-2024-29868
2024-06-24 14:53:05