Streampipes Security Vulnerabilities

CVE-2023-31469

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.The issue is resolved by upgrading to StreamPipes 0.92.0.

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.This issue aff...

CVE-2024-30471

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration.This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corru...

CVE-2024-31411

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).The unrestricted upload is only possible for authenticated and authorized users.This issue affects Apache StreamPipes:...

CVE-2024-31979

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements.These endpoints were not properly validated, allowing an att...