Lucene search
ApacheVULNRICHMENT:CVE-2024-29120HistoryJul 17, 2024 - 2:59 p.m.
CVE-2024-29120 Apache StreamPark: Information leakage vulnerability
2024-07-1714:59:04
CWE-212
apache
github.com
1
cve-2024-29120
apache streampark
information leakage
authentication credential
user information
mitigation
AI Score
7.2
Confidence
Low
EPSS
0
Percentile
9.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return “Authorization” as the front-end authentication credential. User can use this credential to request other users’ information, including the administrator’s username, password, salt value, etc.
Mitigation:
all users should upgrade to 2.1.4
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPark",
"versions": [
{
"status": "affected",
"version": "2.0.0",
"lessThan": "2.1.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2024-29120 Apache StreamPark: Information leakage vulnerability
2024-07-17 14:59:04
nvd
nvd
CVE-2024-29120
2024-07-17 15:15:14
veracode
veracode
Improper Authorization
2024-07-24 09:43:53
cve
cve
CVE-2024-29120
2024-07-17 15:15:14
AI Score
7.2
Confidence
Low
EPSS
0
Percentile
9.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-29120