81 matches found

RedhatCVE
added 2026/01/09 12:33 p.m. | 4 views

CVE-2023-31469

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

8.8 CVSS | 6.5 AI score | 0.00112 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/02 5:31 p.m. | 2 views

CVE-2025-47411

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

8.1 CVSS | 6.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/01 6:30 p.m. | 2 views

GHSA-5R2G-VPHF-M5XC Apache StreamPipes has Improper Privilege Management issue

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

7.1 CVSS | 6.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 5

OSV
added 2026/01/01 5:15 p.m. | 1 view

CVE-2025-47411

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

8.1 CVSS | 6.9 AI score
Exploits: 0 | References: 2

CVE
added 2026/01/01 4:41 p.m. | 46 views

CVE-2025-47411

CVE-2025-47411 affects Apache StreamPipes up to version 0.97.0. A non-administrator user can exploit a flaw in the user ID creation mechanism to swap a real user’s username with an administrator’s, enabling privilege escalation by manipulating JWT tokens. Reported impact includes administrative c...

8.1 CVSS | 6.6 AI score | 0.00017 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/01/01 12:0 a.m. | 2 views

Apache StreamPipes security vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. A security vulnerability exists in Apache StreamPipes version 0.97.0 and earlier, which stems from a flaw in the user ID...

8.1 CVSS | 6.5 AI score | 0.00017 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-22157

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00175 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-1856

Malicious code in bioql PyPI...

8.8 CVSS | 8.7 AI score | 0.00112 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 10:24 a.m. | 5 views

CVE-2024-30471

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...

5.3 CVSS | 6.8 AI score | 0.01403 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:56 a.m. | 4 views

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

9.1 CVSS | 6.9 AI score | 0.78441 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:48 a.m. | 4 views

CVE-2024-31979

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...

7.5 CVSS | 6.9 AI score | 0.0095 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:47 a.m. | 4 views

CVE-2024-31411

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache...

8.8 CVSS | 7.6 AI score | 0.01796 EPSS
Exploits: 0 | References: 1

Veracode
added 2025/03/07 5:29 a.m. | 4 views

Improper Privilege Management

org.apache.streampipes, streampipes-parent is vulnerable to improper privilege management. The vulnerability is due to missing or improper access control checks in the REST interface, allowing unauthorized access to resources when the resource ID is known...

6.5 CVSS | 7.1 AI score | 0.00175 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

CNVD
added 2025/03/07 12:0 a.m. | 5 views

Apache StreamPipes elevation of privilege vulnerability (CNVD-2025-05698)

Apache StreamPipes is an open source self-service industrial IoT toolkit that enables users to connect, analyze and explore IIoT data streams. A security vulnerability exists in Apache StreamPipes version 0.95.1 and earlier, which stems from a lack of filtering and sloppy validation of resource...

6.5 CVSS | 6.9 AI score | 0.00175 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/05 12:30 p.m. | 5 views

CVE-2024-24778

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...

6.5 CVSS | 7 AI score | 0.00175 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/03 12:30 p.m. | 3 views

GHSA-VM7W-2724-5M23 Apache StreamPipes has improper privilege management in a REST interface

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...

6.5 CVSS | 6.8 AI score | 0.00175 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2025/03/03 12:30 p.m. | 11 views

Apache StreamPipes has improper privilege management in a REST interface

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...

6.5 CVSS | 7 AI score | 0.00175 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2025/03/03 11:15 a.m. | 2 views

PYSEC-2025-66

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...

6.5 CVSS | 7 AI score | 0.00175 EPSS
Exploits: 0 | References: 2

NVD
added 2025/03/03 11:15 a.m. | 4 views

CVE-2024-24778

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...

6.5 CVSS | 0.00175 EPSS
Exploits: 0 | References: 2

OSV
added 2025/03/03 11:15 a.m. | 1 view

CVE-2024-24778

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue...

6.5 CVSS | 6.3 AI score
Exploits: 0 | References: 2