A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-06-23T07:07:42.875Z
Updated: 2023-06-23T07:07:42.875Z
Reserved: 2023-04-28T19:12:18.352Z
Link: CVE-2023-31469
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-23T08:15:09.220
Modified: 2023-07-05T13:21:25.333
Link: CVE-2023-31469
JSON object: View
Redhat Information
No data.
CWE