On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.
Mitigation:
all users should upgrade to 2.1.4
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 04 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Metrics |
ssvc
|
Wed, 11 Sep 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-269 |
Wed, 11 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 |
References |
|
Tue, 10 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache streampark |
|
Weaknesses | CWE-639 | |
CPEs | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache streampark |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-07-22T09:48:23.130Z
Updated: 2024-11-04T21:27:42.331Z
Reserved: 2024-05-04T01:42:52.214Z
Link: CVE-2024-34457
Vulnrichment
Updated: 2024-08-02T02:51:11.536Z
NVD
Status : Modified
Published: 2024-07-22T10:15:03.607
Modified: 2024-11-21T09:18:43.260
Link: CVE-2024-34457
Redhat
No data.