QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-29120

Back to search

CVE-2024-29120

Published: Jul 17, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc.  Mitigation: all users should upgrade to 2.1.4

VendorProductVersions

Apache Software Foundation

Apache StreamPark

affected
2.0.0 - < 2.1.4

Weaknesses (CWE)

CWE-212

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now