CVE-2024-34457

CVSSv4: NA | CVSSv3: 6.5 | CVSSv2: NA | VMScore: 750 | EPSS: 0.00063 | KEV: Not Included
Published: 22/07/2024 Updated: 21/11/2024

Vulnerability Summary

Unauthorized User Data Exposure via Token in Pre-2.1.4 Versions

In Apache StreamPark versions before 2.1.4, a regular user who has logged in can use their authorization token to request every user's Flink information, such as executeSQL and config. To fix this, users should upgrade to version 2.1.4.

Vulnerable Product

apache streampark

Mailing Lists

Severity: moderate

Affected versions:

- Apache StreamPark 1.0.0 before 2.1.4

Description: On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.

Mitigation: all users should upgrade to 2.1.4 ...