A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
CPE | Name | Operator | Version |
---|---|---|---|
streampipes | ge | 0.69.0 | |
streampipes | le | 0.91.0 |