VYPR
Unrated severity · NVD Advisory · Published Jul 23, 2024 · Updated Sep 13, 2024

Apache StreamPark: session not invalidated after logout

CVE-2024-29070

Description

On versions before 2.1.4, the session is not invalidated after logout. When a user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. This "Authorization" value can still be used to initiate requests and access data even after logout.

Mitigation:

All users should upgrade to 2.1.4.
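An added example, not StreamPark's code: a minimal Python model of the flaw class described above, with a signed bearer value standing in for "Authorization", a backend whose logout leaves server state unchanged beside one that revokes on logout, and a regression check that works against either. The token format, the class names and `usable_after_logout` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = secrets.token_bytes(32)  # constructed signing key for this demo


def issue(user, ttl=3600, now=None):
    """Return a signed bearer value 'user.expiry.nonce.mac' (assumed format)."""
    exp = int((now or time.time()) + ttl)
    body = f"{user}.{exp}.{secrets.token_hex(8)}"
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


class StatelessBackend:
    """Flawed pattern: logout changes nothing on the server."""
    def logout(self, token):
        pass  # the client drops its copy; the server keeps honouring it

    def authorized(self, token, now=None):
        body, _, mac = token.rpartition(".")
        good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), good.encode()):
            return False
        return int(body.rsplit(".", 2)[1]) > (now or time.time())


class RevokingBackend(StatelessBackend):
    """Corrected pattern: logout records the token until it expires."""
    def __init__(self):
        self.revoked = {}  # sha256(token) -> expiry, so entries can be pruned

    def logout(self, token):
        if super().authorized(token):
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.revoked[digest] = int(token.rsplit(".", 3)[1])

    def authorized(self, token, now=None):
        digest = hashlib.sha256(token.encode()).hexdigest()
        return digest not in self.revoked and super().authorized(token, now)


def usable_after_logout(backend, user="alice"):
    """Regression check: True means the logged-out credential still works."""
    token = issue(user)
    backend.logout(token)
    return backend.authorized(token)
```
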
