Vulnerability Details CVE-2024-29868
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.607
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2024-29868
-
cpe:2.3:a:apache:streampipes:0.69.0
-
cpe:2.3:a:apache:streampipes:0.70.0
-
cpe:2.3:a:apache:streampipes:0.90.0
-
cpe:2.3:a:apache:streampipes:0.91.0
-
cpe:2.3:a:apache:streampipes:0.92.0
-
cpe:2.3:a:apache:streampipes:0.93.0