CVE-2024-29868
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...
CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...
CVE-2024-29868
Apache StreamPipes (versions 0.69.0–0.93.0) uses a cryptographically weak PRNG for recovery token generation in user self-registration and password recovery, enabling an attacker to predict tokens and take over accounts. The issue affects multiple CVE records (CVE-2024-29868) and is mitigated by ...
CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...
Apache StreamPipes Security Feature Issue Vulnerability
Apache StreamPipes is a self-service industrial IoT toolkit from the Apache Software Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from a security feature issue vulnerability that stems from the presence of a cryptographical...
PT-2024-23092 · Apache · Apache Streampipes
Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions 0.69.0 through 0.93.0 Description: The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) in the user self-registration and password recovery mechanism. This allows an...
Apache StreamPipes Elevation of Privilege Vulnerability
Apache StreamPipes is a self-service industrial IoT toolkit from the Apache Software Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from an elevation of privilege vulnerability that is caused by failing to properly restrict the...
Apache StreamPipes Improper Privilege Management vulnerability
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
GHSA-PM73-X2H5-CMJ3 Apache StreamPipes Improper Privilege Management vulnerability
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
CVE-2023-31469
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
CVE-2023-31469
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
Cross-site request forgery (CSRF)
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
CVE-2023-31469
The CVE-2023-31469 issue affects Apache StreamPipes versions 0.69.0–0.91.0, where a REST interface was not properly restricted to administrator access. This allowed a non-admin user with valid credentials to elevate privileges beyond their roles. Red Hat and other sources corroborate an elevation...
CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
PT-2023-23347 · Apache · Apache Streampipes
Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions 0.69.0 through 0.91.0 Description: A REST interface in Apache StreamPipes was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond th...
Apache StreamPipes Security Vulnerability
Apache StreamPipes is a self-service industrial IoT toolkit from the Apache Software Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from an elevation of privilege vulnerability that is caused by failing to properly restrict the...