logo

Database

Excessive privileges In org.apache.streampipes:streampipes-parent

Description

Apache StreamPipes Improper Privilege Management vulnerability A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-314692. NVD-2023-314693. OSV-2023-314694. GCVE-2023-31469

References

1. https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.