Lucene search
ApacheVULNRICHMENT:CVE-2024-30471HistoryJul 17, 2024 - 9:01 a.m.
CVE-2024-30471 Apache StreamPipes: Potential creation of multiple identical accounts
2024-07-1709:01:52
CWE-367
apache
github.com
2
cve-2024-30471
apache streampipes
toctou
user self-registration
race condition
vulnerability
account creation
email address
user management
upgrade
AI Score
6.9
Confidence
High
EPSS
0
Percentile
10.7%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration.
This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe’s user management.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "streampipes",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
CVE-2024-30471
2024-07-17 09:15:02
veracode
veracode
Time-of-check Time-of-use (TOCTOU) Race Condition
2024-07-18 08:55:19
nvd
nvd
CVE-2024-30471
2024-07-17 09:15:02
cve
cve
CVE-2024-30471
2024-07-17 09:15:02
cvelist
cvelist
github
github
AI Score
6.9
Confidence
High
EPSS
0
Percentile
10.7%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-30471