High severity · NVD Advisory · Published Jun 23, 2023 · Updated Oct 9, 2024
Apache StreamPipes: Privilege escalation through non-admin user
CVE-2023-31469
Description
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.streampipes:streampipes-parent (Maven) | >= 0.69.0, < 0.92.0 | 0.92.0 |
Affected products
- Range: 0.69.0
References
- github.com/advisories/GHSA-pm73-x2h5-cmj3 (ghsa, ADVISORY)
- lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2023-31469 (ghsa, ADVISORY)