CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-29120

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.6%

CVSS Severity

CVSS v3 Score 5.9

References

http://www.openwall.com/lists/oss-security/2024/07/17/4
https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j
http://www.openwall.com/lists/oss-security/2024/07/17/4
https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j

Products affected by CVE-2024-29120

Apache » Streampark » Version: 2.0.0

cpe:2.3:a:apache:streampark:2.0.0
Apache » Streampark » Version: 2.1.0

cpe:2.3:a:apache:streampark:2.1.0
Apache » Streampark » Version: 2.1.1

cpe:2.3:a:apache:streampark:2.1.1
Apache » Streampark » Version: 2.1.2

cpe:2.3:a:apache:streampark:2.1.2
Apache » Streampark » Version: 2.1.3

cpe:2.3:a:apache:streampark:2.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-29120

Products

Pricing

Contact Us