AI Score confidence: Low
EPSS percentile: 9.4%
SSVC: Exploitation: none; Automatable: yes; Technical Impact: total
On versions before 2.1.4, a session is not invalidated after logout. When the user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout.
Mitigation:
All users should upgrade to 2.1.4.
[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache StreamPark",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "2.1.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
[
  {
    "cpes": [
      "cpe:2.3:a:apache_software_foundation:apache_streampark:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache_software_foundation",
    "product": "apache_streampark",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "2.1.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]