97 matches found

OSV
added 2024/06/24 10:15 a.m. · 5 views

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

CVSS 9.1 · AI score 9.2
Exploits: 0 · References: 2

Cvelist
added 2024/06/24 9:59 a.m. · 57 views

CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

EPSS 0.05995
Exploits: 1 · References: 1

CVE
added 2024/06/24 9:59 a.m. · 82 views

CVE-2024-29868

Apache StreamPipes (versions 0.69.0–0.93.0) uses a cryptographically weak PRNG for recovery token generation in user self-registration and password recovery, enabling an attacker to predict tokens and take over accounts. The issue affects multiple CVE records (CVE-2024-29868) and is mitigated by ...

CVSS 9.1 · AI score 9.3 · EPSS 0.05995
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/06/24 9:59 a.m. · 22 views

CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

AI score 7.1 · EPSS 0.05995
Exploits: 1 · References: 1

CNNVD
added 2024/06/24 12:0 a.m. · 4 views

Apache StreamPipes Security Feature Issue Vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from a security signature issue vulnerability that stems from the presence of a cryptographical...

CVSS 9.1 · AI score 6.8 · EPSS 0.05995
Exploits: 1 · References: 3

Positive Technologies
added 2024/06/22 12:0 a.m. · 7 views

PT-2024-23092 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions 0.69.0 through 0.93.0
Description: The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) in the user self-registration and password recovery mechanism. This allows an...

CVSS 9.1 · AI score 8.9 · EPSS 0.05995
Exploits: 1 · References: 12

CNVD
added 2023/06/27 12:0 a.m. · 16 views

Apache StreamPipes Elevation of Privilege Vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from an elevation of privilege vulnerability that is caused by failing to properly restrict the...

CVSS 8.8 · AI score 7.1 · EPSS 0.01096
Exploits: 0 · References: 1

GitHub Security Blog
added 2023/06/23 9:30 a.m. · 19 views

Apache StreamPipes Improper Privilege Management vulnerability

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVSS 8.8 · AI score 6.7 · EPSS 0.01096
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/06/23 9:30 a.m. · 21 views

GHSA-PM73-X2H5-CMJ3 Apache StreamPipes Improper Privilege Management vulnerability

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVSS 8.8 · AI score 8.3 · EPSS 0.01096
Exploits: 0 · References: 3

OSV
added 2023/06/23 8:15 a.m. · 17 views

CVE-2023-31469

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVSS 8.8 · AI score 6.8
Exploits: 0 · References: 1

NVD
added 2023/06/23 8:15 a.m. · 24 views

CVE-2023-31469

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVSS 8.8 · AI score 8.4 · EPSS 0.01096
Exploits: 0 · References: 1

Prion
added 2023/06/23 8:15 a.m. · 28 views

Cross site request forgery (csrf)

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

CVSS 6.5 · AI score 8.4 · EPSS 0.01096
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/06/23 7:7 a.m. · 52 views

CVE-2023-31469

The CVE-2023-31469 issue affects Apache StreamPipes versions 0.69.0–0.91.0, where a REST interface was not properly restricted to administrator access. This allowed a non-admin user with valid credentials to elevate privileges beyond their roles. Red Hat and other sources corroborate an elevation...

CVSS 8.8 · AI score 8.4 · EPSS 0.01096
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/06/23 7:7 a.m. · 13 views

CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

AI score 8.4 · EPSS 0.01096
Exploits: 0 · References: 1

Cvelist
added 2023/06/23 7:7 a.m. · 31 views

CVE-2023-31469 Apache StreamPipes: Privilege escalation through non-admin user

A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...

AI score 8.6 · EPSS 0.01096
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/23 12:0 a.m. · 5 views

PT-2023-23347 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions 0.69.0 through 0.91.0
Description: A REST interface in Apache StreamPipes was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond th...

CVSS 8.8 · AI score 7 · EPSS 0.01096
Exploits: 0 · References: 8

CNNVD
added 2023/06/23 12:0 a.m. · 6 views

Apache StreamPipes Security Vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from an elevation of privilege vulnerability that is caused by failing to properly restrict the...

CVSS 8.8 · AI score 7.2 · EPSS 0.01096
Exploits: 0 · References: 2