4 matches found
CVE-2024-29070
creationtimestamp| type| source ---|---|--- 2024-07-23 12:13:21+00:00| seen| https://t.me/cvedetector/1499...
CVE-2024-29070
CVE-2024-29070 affects Apache StreamPark where versions prior to 2.1.4 fail to invalidate sessions after logout. The root cause is improper session management: after a successful login, the Backend service returns an Authorization credential that remains usable to initiate requests and access dat...
CVE-2024-29070 Apache StreamPark: session not invalidated after logout
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...
CVE-2024-29070 Apache StreamPark: session not invalidated after logout
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...