Fluid Attacks Database

Description

Apache StreamPipes has improper privilege management in a REST interface Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known.

This issue affects Apache StreamPipes: through 0.95.1.

Users are recommended to upgrade to version 0.97.0 which fixes the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	streampipes	>=0 <0.97.0	0.97.0
maven	org.apache.streampipes:streampipes-parent	>=0 <0.97.0	0.97.0

Aliases

1. CVE-2024-247782. NVD-2024-247783. OSV-2024-247784. GCVE-2024-24778

References

1. https://github.com/pypa/advisory-database/tree/main/vulns/streampipes/PYSEC-2025-66.yaml2. https://lists.apache.org/thread/j14w6wghlwwrgfgc6hoz9f94fwxtlgzh3. http://www.openwall.com/lists/oss-security/2025/03/03/1