CVE-2024-24778

CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation

Vendor Apache Software Foundation

Product Apache StreamPipes

Weakness CWE-269

Published March 3, 2025

Last update March 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue.

Key dates

Disclosure timeline

March 3, 2025 CVE published

March 3, 2025 Record updated