Vulnerability Details CVE-2024-24778
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.
This issue affects Apache StreamPipes: through 0.95.1.
Users are recommended to upgrade to version 0.97.0 which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.2%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-24778
-
cpe:2.3:a:apache:streampipes:0.55.1
-
cpe:2.3:a:apache:streampipes:0.55.2
-
cpe:2.3:a:apache:streampipes:0.60.0
-
cpe:2.3:a:apache:streampipes:0.60.1
-
cpe:2.3:a:apache:streampipes:0.61.0
-
cpe:2.3:a:apache:streampipes:0.62.0
-
cpe:2.3:a:apache:streampipes:0.63.0
-
cpe:2.3:a:apache:streampipes:0.64.0
-
cpe:2.3:a:apache:streampipes:0.65.0
-
cpe:2.3:a:apache:streampipes:0.66.0
-
cpe:2.3:a:apache:streampipes:0.67.0
-
cpe:2.3:a:apache:streampipes:0.68.0
-
cpe:2.3:a:apache:streampipes:0.69.0
-
cpe:2.3:a:apache:streampipes:0.70.0
-
cpe:2.3:a:apache:streampipes:0.90.0
-
cpe:2.3:a:apache:streampipes:0.91.0
-
cpe:2.3:a:apache:streampipes:0.92.0
-
cpe:2.3:a:apache:streampipes:0.93.0
-
cpe:2.3:a:apache:streampipes:0.95.0
-
cpe:2.3:a:apache:streampipes:0.95.1