CVE-2024-30471

CWE-3675 documents4 sources

Severity

3.7LOW

EPSS

1.1%

top 22.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Streampipes Apache Software Foundation Apache Streampipes

Timeline

PublishedJul 17

Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

▶NVDapache/streampipes< 0.95.0

▶Mavenorg.apache.streampipes:streampipes-parent< 0.95.0

▶CVEListV5apache_software_foundation/apache_streampipes0.93.0

▶PyPIstreampipes< 0.95.0

🔴Vulnerability Details

CVEList

Apache StreamPipes: Potential creation of multiple identical accounts↗2024-07-17

▶

GHSA

Apache StreamPipes potentially allows creation of multiple identical accounts↗2024-07-17

▶

OSV

Apache StreamPipes potentially allows creation of multiple identical accounts↗2024-07-17

▶

OSV

CVE-2024-30471: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration↗2024-07-17

▶