Vulnerability Details CVE-2023-31469
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-31469
-
cpe:2.3:a:apache:streampipes:0.69.0
-
cpe:2.3:a:apache:streampipes:0.70.0
-
cpe:2.3:a:apache:streampipes:0.90.0
-
cpe:2.3:a:apache:streampipes:0.91.0