QwikSec

Security Database

CVE

CWE

Training

CVE-2024-34457

Published: Jul 22, 2024

Modified: Nov 4, 2024

PUBLISHED

Description

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4

Vendor	Product	Versions
Apache Software Foundation	Apache StreamPark	affected `1.0.0 - < 2.1.4`

Weaknesses (CWE)

References

https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j

vendor-advisory

https://www.openwall.com/lists/oss-security/2024/07/22/2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.