Veracode Vulnerability Database
VERACODE:48121
History: Jul 18, 2024 - 9:26 a.m.

Server-side Request Forgery (SSRF)

2024-07-18 09:26:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
streampipes-rest
vulnerability
ssrf
improper validation
installation process
ssrf attack
pipeline elements
http get requests
arbitrary addresses

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.5
Confidence: High

EPSS: 0.001
Percentile: 27.3%

org.apache.streampipes:streampipes-rest is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to improper validation of custom endpoints during the installation process of pipeline elements, allowing an attacker to manipulate StreamPipes into sending HTTP GET requests to arbitrary addresses.
