Authorization Vulnerability in Backend Service Before 2.1.4
CVE-2024-29070

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Streampark
Vendor: CVE Published:; 23 July 2024

What is CVE-2024-29070?

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout.

Mitigation:

all users should upgrade to 2.1.4

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch