187 matches found
CVE-2025-54947
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
CVE-2025-53960
Apache StreamPark (affected: 2.0.0–2.1.7) suffers from a vulnerability where JWTs are signed using the user’s password as the HMAC secret (HS256). This directly exposes passwords to offline brute-forcing via captured tokens and can allow forging of identity tokens if the password is known, potent...
CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
CVE-2025-54947
Apache StreamPark versions 2.0.0–2.1.7 contain a hard-coded, immutable encryption key, enabling potential decryption/ forgery of encrypted data and unauthorized access. The issue arises from using a fixed key instead of a dynamically generated or securely configured one. Upgrade to 2.1.7 is recom...
CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-54981
CVE-2025-54981 affects Apache StreamPark prior to 2.1.7, due to use of AES in ECB mode and a weak RNG for encrypting sensitive data such as JWT tokens. This weak encryption could lead to exposure of confidential data. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CNV...
CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
PT-2025-50940
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
PT-2025-50939
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
Apache StreamPark 安全漏洞
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...
Apache StreamPark 安全漏洞
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...
Apache StreamPark 安全漏洞
Apache StreamPark is a streaming media application development framework from the Apache Foundation USA. A security vulnerability exists in Apache StreamPark versions prior to 2.1.7, which stems from the use of hard-coded encryption keys that could lead to information disclosure or unauthorized...
PT-2025-49179
Name of the Vulnerable Software and Affected Versions Apache StreamPark versions 2.0.0 through 2.1.6 Description The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse...
Incorrect Execution-Assigned Permissions
org.apache.streampark:streampark is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to improper handling of execution-assigned permissions, which allows an attacker to gain unauthorized access or execute actions with elevated privileges...
Unspecified Vulnerability in Apache StreamPark (CNVD-2025-24728)
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark has a security vulnerability that can be exploited by attackers to cause confidentiality, integrity and availability to be compromised...