
CVE-2024-29070

Published: Jul 23, 2024

Modified: Sep 13, 2024

PUBLISHED

Description

In versions before 2.1.4, the session is not invalidated after logout. When a user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. That "Authorization" credential can still be used to initiate requests and access data even after logout. Mitigation: all users should upgrade to 2.1.4.

Vendor: Apache Software Foundation

Product: Apache StreamPark

Versions: affected, 1.0.0 - < 2.1.4

Weaknesses (CWE)
