Lucene search
ApacheVULNRICHMENT:CVE-2024-29868HistoryJun 24, 2024 - 9:59 a.m.
CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
2024-06-2409:59:39
CWE-338
apache
github.com
1
apache streampipes
prng
vulnerability
fix
upgrade
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipesΒ user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked userβs account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPipes",
"versions": [
{
"status": "affected",
"version": "0.69.0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"packageName": "streampipes-user-management",
"defaultStatus": "unaffected"
},
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPipes",
"versions": [
{
"status": "affected",
"version": "0.69.0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"packageName": "streampipes-model",
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
nvd
nvd
CVE-2024-29868
2024-06-24 10:15:09
cve
cve
CVE-2024-29868
2024-06-24 10:15:09
githubexploit
githubexploit
Exploit for CVE-2024-29868
2024-06-24 14:53:05
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-29868