Vulnerability Details : CVE-2023-31469
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
Products affected by CVE-2023-31469
- cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-31469
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~45% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2023-31469
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-09 |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-31469
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: security@apache.org (Primary)
References for CVE-2023-31469
- https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m : CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user (Apache Mail Archives; Mailing List; Vendor Advisory)