Lucene search
K

187 matches found

NVD
NVD
added 2025/12/12 3:15 p.m.14 views

CVE-2025-54947

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

9.8CVSS0.00456EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 3:15 p.m.32 views

CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/12 3:15 p.m.5 views

CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

6.5AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 3:15 p.m.24 views

CVE-2025-53960

Apache StreamPark (affected: 2.0.0–2.1.7) suffers from a vulnerability where JWTs are signed using the user’s password as the HMAC secret (HS256). This directly exposes passwords to offline brute-forcing via captured tokens and can allow forging of identity tokens if the password is known, potent...

5.9CVSS6.5AI score0.0022EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/12 3:11 p.m.30 views

CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

0.00456EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 3:11 p.m.5 views

CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

5.3CVSS6.2AI score0.00456EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 3:11 p.m.1 views

CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

6.2AI score0.00456EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 3:11 p.m.18 views

CVE-2025-54947

Apache StreamPark versions 2.0.0–2.1.7 contain a hard-coded, immutable encryption key, enabling potential decryption/ forgery of encrypted data and unauthorized access. The issue arises from using a fixed key instead of a dynamically generated or securely configured one. Upgrade to 2.1.7 is recom...

9.8CVSS6.2AI score0.00456EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/12 3:10 p.m.5 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS6AI score0.0022EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 3:10 p.m.3 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

6.7AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 3:10 p.m.16 views

CVE-2025-54981

CVE-2025-54981 affects Apache StreamPark prior to 2.1.7, due to use of AES in ECB mode and a weak RNG for encrypting sensitive data such as JWT tokens. This weak encryption could lead to exposure of confidential data. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CNV...

7.5CVSS6.7AI score0.0022EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/12 3:10 p.m.26 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.9 views

PT-2025-50940

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.1AI score0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50939

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

6.6AI score0.00456EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

5.9CVSS6.4AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

7.5CVSS7AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

Apache StreamPark 安全漏洞

Apache StreamPark is a streaming media application development framework from the Apache Foundation USA. A security vulnerability exists in Apache StreamPark versions prior to 2.1.7, which stems from the use of hard-coded encryption keys that could lead to information disclosure or unauthorized...

9.8CVSS6.1AI score0.00456EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.12 views

PT-2025-49179

Name of the Vulnerable Software and Affected Versions Apache StreamPark versions 2.0.0 through 2.1.6 Description The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse...

5.9CVSS6.7AI score0.0022EPSS
Exploits0References7
Veracode
Veracode
added 2025/10/23 11:36 a.m.6 views

Incorrect Execution-Assigned Permissions

org.apache.streampark:streampark is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to improper handling of execution-assigned permissions, which allows an attacker to gain unauthorized access or execute actions with elevated privileges...

7.3CVSS7.3AI score0.00517EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2025/10/21 12:0 a.m.4 views

Unspecified Vulnerability in Apache StreamPark (CNVD-2025-24728)

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark has a security vulnerability that can be exploited by attackers to cause confidentiality, integrity and availability to be compromised...

7.3CVSS6.9AI score0.00517EPSS
Exploits0References1
Rows per page
Query Builder