oss-sec mailing list archives
CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user
From: Dominik Riemer <riemer () apache org>
Date: Thu, 22 Jun 2023 20:12:03 +0000
Severity: important Affected versions: - Apache StreamPipes 0.69.0 through 0.91.0 Description: A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0. Credit: Xun Bai, LJQC Open Source Security Institute (finder) References: https://streampipes.apache.org https://www.cve.org/CVERecord?id=CVE-2023-31469
Current thread:
- CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user Dominik Riemer (Jun 22)