ByteOS Network

NVD Vulnerability Details :

CVE-2024-30471

Modified

Source-security@apache.org

Published At-17 Jul, 2024 | 09:15

Updated At-01 Aug, 2024 | 13:50

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CPE Matches

The Apache Software Foundation

>>streampipes>>Versions before 0.95.0(exclusive)

cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-367	Primary	security@apache.org
CWE-367	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-367

Type: Primary

Source: security@apache.org

CWE ID: CWE-367

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://lists.apache.org/thread/8yodrmohgcybq900or3d4hc1msl230fr	security@apache.org	Mailing List Vendor Advisory

Hyperlink: https://lists.apache.org/thread/8yodrmohgcybq900or3d4hc1msl230fr

Source: security@apache.org

Resource:

Mailing List

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History