In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc.
Mitigation:
all users should upgrade to 2.1.4
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/07/17/4 | Mailing List |
https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/07/17/4 | Mailing List |
https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j | Mailing List Vendor Advisory |
Configurations
History
23 Jun 2025, 18:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/07/17/4 - Mailing List | |
References | () https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* | |
First Time |
Apache
Apache streampark |
13 Feb 2025, 18:17
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4 |
21 Nov 2024, 09:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/07/17/4 - | |
References | () https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j - |
14 Nov 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | CWE-922 |
18 Jul 2024, 12:28
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Jul 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jul 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-17 15:15
Updated : 2025-06-23 18:09
NVD link : CVE-2024-29120
Mitre link : CVE-2024-29120
CVE.ORG link : CVE-2024-29120
JSON object : View
Products Affected
apache
- streampark