Maven package
org.apache.streampipes/streampipes-parent
pkg:maven/org.apache.streampipes/streampipes-parent
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47411 | — | >= 0.69.0, < 0.98.0 | 0.98.0 | Jan 1, 2026 | A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administ | ||
| CVE-2024-24778 | — | < 0.97.0 | 0.97.0 | Mar 3, 2025 | Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue. | ||
| CVE-2024-31411 | — | < 0.95.0 | 0.95.0 | Jul 17, 2024 | Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affec | ||
| CVE-2024-31979 | — | < 0.95.0 | 0.95.0 | Jul 17, 2024 | Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly vali | ||
| CVE-2024-30471 | — | < 0.95.0 | 0.95.0 | Jul 17, 2024 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many ident | ||
| CVE-2023-31469 | — | >= 0.69.0, < 0.92.0 | 0.92.0 | Jun 23, 2023 | A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to Stream |
- CVE-2025-47411Jan 1, 2026affected >= 0.69.0, < 0.98.0fixed 0.98.0
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administ
- CVE-2024-24778Mar 3, 2025affected < 0.97.0fixed 0.97.0
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue.
- CVE-2024-31411Jul 17, 2024affected < 0.95.0fixed 0.95.0
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affec
- CVE-2024-31979Jul 17, 2024affected < 0.95.0fixed 0.95.0
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly vali
- CVE-2024-30471Jul 17, 2024affected < 0.95.0fixed 0.95.0
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many ident
- CVE-2023-31469Jun 23, 2023affected >= 0.69.0, < 0.92.0fixed 0.92.0
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to Stream