CVE-2023-31469

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
apachestreampipes
0.69.0 ≤
𝑥
≤ 0.91.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m
https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m