Lucene search
Veracode Vulnerability DatabaseVERACODE:40413HistoryMay 08, 2023 - 10:46 a.m.
Improper Input Validation
2023-05-0810:46:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
improper input validation
user service
security threat
username verification
0.002 Low
EPSS
Percentile
52.7%
org.apache.streampark:streampark is vulnerable to Improper Input Validation. The vulnerability exists because the resetPassword function of UserServiceImpl.java does not properly verify whether the user name is the currently logged in user and whether the user is legal, which allows a malicious attacker to send any username to modify and reset the account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| streampark project parent pom | eq | 2.0.0 | |
| streampark project parent pom | eq | 2.0.0 |
References
github.com/apache/incubator-streampark/blob/dev/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java#L149-L162
github.com/apache/incubator-streampark/commit/4b20ce53ee478a03ef0fd60b726526cef8e7a2cf
lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h
Related
cve
cve
CVE-2022-46365
2023-05-01 15:15:09
prion
prion
Code injection
2023-05-01 15:15:00
github
github
Apache StreamPark Improper Input Validation vulnerability
2023-07-06 19:24:19
nvd
nvd
CVE-2022-46365
2023-05-01 15:15:09
osv
osv
Apache StreamPark Improper Input Validation vulnerability
2023-07-06 19:24:19
cvelist
cvelist
cnvd
cnvd
Apache StreamPark Input Validation Error Vulnerability
2023-05-08 00:00:00