Lucene search
+L
ApacheStreampipes

7 matches found

cve
cve
added 2024/06/24 9:59 a.m.86 views

CVE-2024-29868

Apache StreamPipes (versions 0.69.0–0.93.0) uses a cryptographically weak PRNG for recovery token generation in user self-registration and password recovery, enabling an attacker to predict tokens and take over accounts. The issue affects multiple CVE records (CVE-2024-29868) and is mitigated by ...

9.1CVSS9.3AI score0.05995EPSS
cve
cve
added 2026/01/01 4:41 p.m.75 views

CVE-2025-47411

CVE-2025-47411 affects Apache StreamPipes up to version 0.97.0. A non-administrator user can exploit a flaw in the user ID creation mechanism to swap a real user’s username with an administrator’s, enabling privilege escalation by manipulating JWT tokens. Reported impact includes administrative c...

8.1CVSS6.6AI score0.14786EPSS
cve
cve
added 2024/07/17 9:1 a.m.73 views

CVE-2024-30471

Affected software: Apache StreamPipes (prior to 0.95.0). Component/issue: Time-of-check Time-of-use (TOCTOU) race condition during user self-registration. Root cause: Insufficient synchronization allows multiple concurrent requests to check/register the same email. Impact: Potential creation of m...

5.3CVSS4AI score0.0066EPSS
cve
cve
added 2024/07/17 9:22 a.m.68 views

CVE-2024-31411

CVE-2024-31411 concerns Apache StreamPipes, where an unrestricted upload of a dangerous file type is possible for authenticated/authorized users. The issue allows uploading potentially executable files, enabling remote code execution (RCE) on affected systems. Affected version: up to 0.93.0, with...

8.8CVSS9AI score0.01106EPSS
cve
cve
added 2025/03/03 10:37 a.m.61 views

CVE-2024-24778

CVE-2024-24778 – Apache StreamPipes" : Applies to StreamPipes up to version 0.95.1. Root cause described across sources as improper privilege management in a REST interface, due to lack of filtering/sloppy validation of resource IDs, allowing registered users to access unauthorized resources if t...

6.5CVSS7.1AI score0.00615EPSS
cve
cve
added 2023/06/23 7:7 a.m.53 views

CVE-2023-31469

The CVE-2023-31469 issue affects Apache StreamPipes versions 0.69.0–0.91.0, where a REST interface was not properly restricted to administrator access. This allowed a non-admin user with valid credentials to elevate privileges beyond their roles. Red Hat and other sources corroborate an elevation...

8.8CVSS8.4AI score0.01096EPSS
cve
cve
added 2024/07/17 9:4 a.m.52 views

CVE-2024-31979

Apache StreamPipes is affected by a Server-Side Request Forgery (SSRF) vulnerability during the installation process of pipeline elements. The issue stems from insufficient validation of custom endpoints used to fetch/install additional elements, enabling an attacker to induce StreamPipes to issu...

7.5CVSS4.7AI score0.00738EPSS