Lucene search

[email protected]NVD:CVE-2024-31979

HistoryJul 17, 2024 - 9:15 a.m.

CVE-2024-31979

2024-07-1709:15:02

CWE-918

[email protected]

web.nvd.nist.gov

cve-2024-31979

ssrf vulnerability

apache streampipes

installation process

pipeline elements

endpoint validation

http request

security upgrade

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

27.3%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.
Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements.
These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address.
This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Affected configurations

Nvd

Node

apachestreampipesRange<0.95.0

VendorProductVersionCPE
apachestreampipes*cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	streampipes	*	cpe:2.3:a:apache:streampipes::::::::

References

lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

27.3%

JSON

Related for NVD:CVE-2024-31979

osv2 cvelist1 veracode1 github1 cve1 vulnrichment1