Lucene search
K

187 matches found

Vulnrichment
Vulnrichment
added 2024/07/23 8:13 a.m.13 views

CVE-2024-29070 Apache StreamPark: session not invalidated after logout

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...

7AI score0.00788EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/23 6:29 a.m.16 views

Insecure Direct Object Reference (IDOR)

org.apache.streampark, streampark is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control due to improper handling of authorization tokens, allowing attackers to manually request and view all users' flink information, including executeSQL an...

6.5CVSS6.8AI score0.00728EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/07/23 12:0 a.m.3 views

Apache StreamPark 代码问题漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark versions prior to 2.1.4 suffer from a session expiration insufficiency vulnerability, which stems from the fact that the session is not expired after logging...

9.1CVSS6.8AI score0.00788EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/22 9:48 a.m.18 views

CVE-2024-34457 Apache StreamPark IDOR Vulnerability

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4...

6.4AI score0.00728EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/22 9:48 a.m.28 views

CVE-2024-34457 Apache StreamPark IDOR Vulnerability

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4...

0.00728EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/22 12:0 a.m.4 views

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. A privilege management error vulnerability exists in Apache StreamPark versions 1.0.0 through 2.1.4 and earlier, which can be exploited by an attacker to manually issue a reques...

6.5CVSS6.8AI score0.00728EPSS
Exploits0References3
CNVD
CNVD
added 2024/07/22 12:0 a.m.6 views

Apache StreamPark Information Disclosure Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive user information...

5.9CVSS6.1AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/22 12:0 a.m.5 views

Apache StreamPark Command Injection Vulnerability (CNVD-2024-33576)

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. A command injection vulnerability exists in Apache StreamPark versions prior to 2.0.0 to 2.1.4, which stems from poor validation of input parameters and can be exploited by an...

8.8CVSS7.5AI score0.01117EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/22 12:0 a.m.5 views

Apache StreamPark Code Injection Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. A code injection vulnerability exists in Apache StreamPark versions prior to 2.1.4, which stems from a user being able to log in and perform a template injection attack. No...

8.8CVSS7AI score0.01239EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/22 12:0 a.m.6 views

Apache StreamPark Command Injection Vulnerability (CNVD-2024-33577)

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a command injection vulnerability that stems from lax input parameter validation. An authorized attacker with system-level privileges could exploi...

8.8CVSS7.3AI score0.01607EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/19 4:53 a.m.13 views

Template Injection

Apache StreamPark is vulnerable to template injection. The vulnerability is due to insufficient input validation that allows attacker to perform a template injection that potentially leads to execution of arbitrary code on server...

8.8CVSS7.9AI score0.01239EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2024/07/18 12:30 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the template processing mechanism. An attacker can execute arbitrary code on the server by injecting malicious templates after successfully logging into the system. Remediation Upgrade...

8.8CVSS8.2AI score0.01239EPSS
Exploits0References2
OSV
OSV
added 2024/07/18 12:30 p.m.5 views

GHSA-VV8H-M63V-53PQ Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

8.8CVSS9AI score0.01239EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/07/18 12:30 p.m.12 views

Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

8.8CVSS7.5AI score0.01239EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/18 11:15 a.m.24 views

CVE-2024-29178 Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

7.7AI score0.01239EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/18 11:15 a.m.28 views

CVE-2024-29178 Apache StreamPark: FreeMarker SSTI RCE Vulnerability

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4...

0.01239EPSS
Exploits0References2
Veracode
Veracode
added 2024/07/18 5:38 a.m.15 views

Command Injection

org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused due to insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...

8.8CVSS7.3AI score0.01607EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/18 5:16 a.m.15 views

Command Injection

org.apache.streampark:streampark is vulnerable to command injection due to insufficient input parameter validation, which allows attackers to insert malicious commands for execution. The risk level of this vulnerability is very low as it requires the user to log in with system-level permissions...

8.8CVSS7.8AI score0.01117EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/07/18 12:0 a.m.3 views

Apache StreamPark 代码注入漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. A code injection vulnerability exists in Apache StreamPark versions prior to 2.1.4, which stems from a user being able to log in and perform a template injection attack. No...

8.8CVSS7.4AI score0.01239EPSS
Exploits0References3
OSV
OSV
added 2024/07/17 3:30 p.m.10 views

GHSA-HCF8-5J78-887V Apache StreamPark: Information leakage vulnerability

In Streampark version 2.1.4, when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. ...

5.9CVSS5.6AI score0.00282EPSS
Exploits0References4
Rows per page
Query Builder