Lucene search
K

4 matches found

Circl
Circl
added 2024/07/23 12:13 p.m.5 views

CVE-2024-29070

creationtimestamp| type| source ---|---|--- 2024-07-23 12:13:21+00:00| seen| https://t.me/cvedetector/1499...

9.1CVSS4.8AI score0.00788EPSS
Exploits0References1
CVE
CVE
added 2024/07/23 8:13 a.m.57 views

CVE-2024-29070

CVE-2024-29070 affects Apache StreamPark where versions prior to 2.1.4 fail to invalidate sessions after logout. The root cause is improper session management: after a successful login, the Backend service returns an Authorization credential that remains usable to initiate requests and access dat...

9.1CVSS6.7AI score0.00788EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/23 8:13 a.m.13 views

CVE-2024-29070 Apache StreamPark: session not invalidated after logout

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...

7AI score0.00788EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/23 8:13 a.m.17 views

CVE-2024-29070 Apache StreamPark: session not invalidated after logout

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...

0.00788EPSS
Exploits0References1
Rows per page
Query Builder