Vulnerability Description
In Apache StreamPark versions before 2.1.4, a successful login returns an "Authorization" token that the front end then presents as its authentication credential. The backend accepts that token as proof of identity but does not check whether the caller is entitled to the record being requested, so any authenticated user can use their own credential to request other users' information, including the administrator's username, stored password, salt value and other account details. Mitigation: all users should upgrade to 2.1.4.
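The flaw class the description names, an authentication token that proves who the caller is paired with a user-info handler that never checks whether that caller may read the requested record and then serialises the stored password and salt, modelled as an added Python example. This is illustrative code written for this page, not StreamPark's code: the function names, the in-memory user store, the session table and the sample credentials are all constructed. It shows the vulnerable handler beside a fixed one and a small regression check that reports which sensitive fields a low-privilege session can pull from the administrator's record.

```python
"""Illustrative model of the flaw described above (added example, not
StreamPark's code): the login token proves *who* the caller is, but the
user-info handler never checks whether the caller may read the requested
record, and it serialises the stored password hash and salt."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    username: str
    role: str
    salt: str
    password_hash: str


def _hash(password: str, salt: str) -> str:
    # Salted SHA-256 stands in for whatever the real product stores.
    return hashlib.sha256((salt + password).encode()).hexdigest()


def _make_user(uid: int, name: str, role: str, password: str) -> User:
    salt = secrets.token_hex(8)
    return User(uid, name, role, salt, _hash(password, salt))


# Constructed sample user store: one admin, one ordinary user.
USERS = {
    1: _make_user(1, "admin", "admin", "admin-pw"),
    2: _make_user(2, "alice", "user", "alice-pw"),
}

# Session table (token -> user_id), filled at login.
SESSIONS = {}

# Fields that must never leave the server in a user-info response.
SENSITIVE = ("password", "salt")


def login(username: str, password: str):
    """Return the front-end credential ({"Authorization": token}) or None."""
    for u in USERS.values():
        if u.username == username and hmac.compare_digest(
            u.password_hash, _hash(password, u.salt)
        ):
            token = secrets.token_urlsafe(32)
            SESSIONS[token] = u.user_id
            return {"Authorization": token}
    return None


def _caller(headers: dict) -> User:
    """Authentication only: map the presented token to a user or reject."""
    uid = SESSIONS.get(headers.get("Authorization", ""))
    if uid is None:
        raise PermissionError("401: no valid session")
    return USERS[uid]


def get_user_vulnerable(headers: dict, target_id: int) -> dict:
    """Authenticates the caller but never authorises the request, and
    dumps the whole stored record (the pattern the advisory describes)."""
    _caller(headers)
    u = USERS[target_id]
    return {"userId": u.user_id, "username": u.username, "roles": u.role,
            "salt": u.salt, "password": u.password_hash}


def get_user_fixed(headers: dict, target_id: int) -> dict:
    """Same endpoint with an object-level authorisation check and no
    credential material in the response."""
    caller = _caller(headers)
    if caller.user_id != target_id and caller.role != "admin":
        raise PermissionError("403: may not read another user's record")
    u = USERS[target_id]
    return {"userId": u.user_id, "username": u.username, "roles": u.role}


def leaked_fields(handler) -> list:
    """Regression check: log in as the low-privilege user, request the
    admin's record (id 1) and report which sensitive fields came back.
    An empty list means the request was refused or the fields scrubbed."""
    headers = login("alice", "alice-pw")
    try:
        body = handler(headers, 1)
    except PermissionError:
        return []
    return sorted(k for k in SENSITIVE if k in body)


if __name__ == "__main__":
    print("vulnerable:", leaked_fields(get_user_vulnerable))  # ['password', 'salt']
    print("fixed:     ", leaked_fields(get_user_fixed))       # []
```

The fix has two independent parts, and both matter: the ownership-or-admin check stops the horizontal access, and dropping the credential fields from the response means that even an endpoint an administrator legitimately calls never ships hash material to a browser. `leaked_fields` is the kind of check to keep in a test suite so the field list cannot quietly grow back.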
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Streampark | >= 2.0.0, < 2.1.4 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/07/17/4 (Mailing List)
- https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j (Mailing List, Vendor Advisory)
FAQ
What is CVE-2024-29120?
CVE-2024-29120 is a vulnerability in Apache StreamPark with a CVSS base score of 5.9 (MEDIUM). In versions before 2.1.4, a successful login returns an "Authorization" token as the front-end credential, and any authenticated user can use that credential to request other users' information, including the administrator's username, stored password and salt value.
How severe is CVE-2024-29120?
CVE-2024-29120 has been rated MEDIUM with a CVSS base score of 5.9/10. The impact is disclosure of other accounts' credential material to any authenticated user; the vector string and per-metric breakdown are not listed on this page.
Is there a patch for CVE-2024-29120?
Yes. The vendor's mitigation is to upgrade Apache StreamPark to version 2.1.4 or later; the Apache advisory is linked in the references section above. Affected products: Apache StreamPark 2.0.0 up to but not including 2.1.4.