CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user

Vendor: Apache Software Foundation
Product: Apache StreamPipes
Weakness: CWE-269
Published: June 23, 2023
Last update: October 9, 2024

What the vulnerability does

Description

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

Key dates

Disclosure timeline

June 23, 2023: CVE published
October 9, 2024: Record updated