7 matches found
CVE-2024-29868
Apache StreamPipes (versions 0.69.0–0.93.0) uses a cryptographically weak PRNG for recovery token generation in user self-registration and password recovery, enabling an attacker to predict tokens and take over accounts. The issue affects multiple CVE records (CVE-2024-29868) and is mitigated by ...
CVE-2025-47411
CVE-2025-47411 affects Apache StreamPipes up to version 0.97.0. A non-administrator user can exploit a flaw in the user ID creation mechanism to swap a real user’s username with an administrator’s, enabling privilege escalation by manipulating JWT tokens. Reported impact includes administrative c...
CVE-2024-30471
Affected software: Apache StreamPipes (prior to 0.95.0). Component/issue: Time-of-check Time-of-use (TOCTOU) race condition during user self-registration. Root cause: Insufficient synchronization allows multiple concurrent requests to check/register the same email. Impact: Potential creation of m...
CVE-2024-31411
CVE-2024-31411 concerns Apache StreamPipes, where an unrestricted upload of a dangerous file type is possible for authenticated/authorized users. The issue allows uploading potentially executable files, enabling remote code execution (RCE) on affected systems. Affected version: up to 0.93.0, with...
CVE-2024-24778
CVE-2024-24778 – Apache StreamPipes" : Applies to StreamPipes up to version 0.95.1. Root cause described across sources as improper privilege management in a REST interface, due to lack of filtering/sloppy validation of resource IDs, allowing registered users to access unauthorized resources if t...
CVE-2023-31469
The CVE-2023-31469 issue affects Apache StreamPipes versions 0.69.0–0.91.0, where a REST interface was not properly restricted to administrator access. This allowed a non-admin user with valid credentials to elevate privileges beyond their roles. Red Hat and other sources corroborate an elevation...
CVE-2024-31979
Apache StreamPipes is affected by a Server-Side Request Forgery (SSRF) vulnerability during the installation process of pipeline elements. The issue stems from insufficient validation of custom endpoints used to fetch/install additional elements, enabling an attacker to induce StreamPipes to issu...