CVE-2023-31469

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
apachestreampipes
0.69.0 ≤
𝑥
≤ 0.91.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apachestreampipes
0.69.0 ≤
𝑥
≤ 0.91.0
ADP
Common Weakness Enumeration
References
https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m
https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m