CVE-2024-24778

CWE-269 — Improper Privilege Management5 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Streampipes Apache Software Foundation Apache Streampipes

Timeline

PublishedMar 3

Description

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapache/streampipes< 0.97.0

▶Mavenorg.apache.streampipes:streampipes-parent< 0.97.0

▶CVEListV5apache_software_foundation/apache_streampipes0.95.1

▶PyPIstreampipes< 0.97.0

🔴Vulnerability Details

CVEList

Apache StreamPipes: Resources Permission Escalation↗2025-03-03

▶

OSV

Apache StreamPipes has improper privilege management in a REST interface↗2025-03-03

▶

OSV

CVE-2024-24778: Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know↗2025-03-03

▶

GHSA

Apache StreamPipes has improper privilege management in a REST interface↗2025-03-03

▶