QwikSec

Security Database

CVE

CWE

Training

CVE-2023-31469

Published: Jun 23, 2023

Modified: Oct 9, 2024

PUBLISHED

Description

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

Vendor	Product	Versions
Apache Software Foundation	Apache StreamPipes	affected `0.69.0 - <= 0.91.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.