Lucene search
Veracode Vulnerability DatabaseVERACODE:41027HistoryJun 27, 2023 - 6:22 a.m.
Improper Privilege Management
2023-06-2706:22:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
vulnerability
privilege management
userresource.java
elevate privileges
access validation
software
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.3%
streampipes-rest is vulnerable to Improper Privilege Management. The vulnerability exists due to improperly validating admin-only access in UserResource.java, which allows an attacker to elevate privileges above the initially allocated roles.
| CPE | Name | Operator | Version |
|---|---|---|---|
| streampipes rest api | le | 0.91.0 | |
| streampipes rest api | le | 0.91.0 |
Related
cvelist
cvelist
github
github
Apache StreamPipes Improper Privilege Management vulnerability
2023-06-23 09:30:17
cnvd
cnvd
Apache StreamPipes Elevation of Privilege Vulnerability
2023-06-27 00:00:00
osv
osv
CVE-2023-31469
2023-06-23 08:15:09
Apache StreamPipes Improper Privilege Management vulnerability
2023-06-23 09:30:17
cve
cve
CVE-2023-31469
2023-06-23 08:15:09
prion
prion
Cross site request forgery (csrf)
2023-06-23 08:15:00
nvd
nvd
CVE-2023-31469
2023-06-23 08:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.3%
Related for VERACODE:41027