oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts

From: Dominik Riemer <riemer () apache org>
Date: Tue, 16 Jul 2024 19:00:49 +0000
Severity: moderate

Affected versions:

- Apache StreamPipes through 0.93.0

Description:

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration.
This allows an attacker to potentially request the creation of multiple accounts with the same email address until the 
email address is registered, creating many identical users and corrupting StreamPipe's user management.
This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Credit:

TonyNT from VNPT-NET (finder)

References:

https://streampipes.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-30471
Previous By Date Next
Previous By Thread Next

Current thread: