Lucene search
ApacheVULNRICHMENT:CVE-2024-29070HistoryJul 23, 2024 - 8:13 a.m.
CVE-2024-29070 Apache StreamPark: session not invalidated after logout
2024-07-2308:13:41
CWE-613
apache
github.com
2
cve-2024-29070
apache streampark
session invalidation
AI Score
7
Confidence
Low
EPSS
0
Percentile
9.4%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
On versions before 2.1.4,Β session is not invalidated after logout. When the user logged in successfully, the Backend service returns βAuthorizationβ as the front-end authentication credential. βAuthorizationβ can still initiate requests and access data even after logout.
Mitigation:
all users should upgrade to 2.1.4
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPark",
"versions": [
{
"status": "affected",
"version": "1.0.0",
"lessThan": "2.1.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_streampark:*:*:*:*:*:*:*:*"
],
"vendor": "apache_software_foundation",
"product": "apache_streampark",
"versions": [
{
"status": "affected",
"version": "1.0.0",
"lessThan": "2.1.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-29070
2024-07-23 09:15:02
cvelist
cvelist
CVE-2024-29070 Apache StreamPark: session not invalidated after logout
2024-07-23 08:13:41
veracode
veracode
Improper Authentication
2024-07-24 05:58:19
cve
cve
CVE-2024-29070
2024-07-23 09:15:02
AI Score
7
Confidence
Low
EPSS
0
Percentile
9.4%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-29070