Cyber Monday Killer Deals: Save $90 on Honeywell Home Smart Thermostat RTH9580EWF

CVE-2024-34457

6.5MEDIUM

Key Information

Vendor
Apache
Status
Apache Streampark
Vendor
CVE Published:
22 July 2024

Summary

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.

Mitigation:

all users should upgrade to 2.1.4

Affected Version(s)

Apache StreamPark < 2.1.4

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

L0ne1y
.