CVE-2024-34457

CVE-2024-34457: Apache StreamPark IDOR Vulnerability

Vendor Apache Software Foundation

Product Apache StreamPark

Weakness CWE-639 · IDOR

Published July 22, 2024

Last update November 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4

Key dates

Disclosure timeline

July 22, 2024 CVE published

November 4, 2024 Record updated