Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv3

CVE-2023-30867

Published: 15/12/2023 Updated: 21/12/2023
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Apache

Vulnerability Summary

In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.

Vulnerable Product Search on Vulmon Subscribe to Product

apache streampark

Mailing Lists

Full Disclosure: CVE-2023-30867: Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2023-30867: Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability <!--X-Sub ...

References

CWE-89https://lists.apache.org/thread/bhdzh6hnh04yyf3g203bbyvxryd720o2https://nvd.nist.govhttps://seclists.org/oss-sec/2023/q4/280
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook