CVE-2023-31469: Improper Privilege Management

June 23, 2023 (updated July 5, 2023)

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

References

github.com/advisories/GHSA-pm73-x2h5-cmj3
lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m
nvd.nist.gov/vuln/detail/CVE-2023-31469

Code Behaviors & Features

Detect and mitigate CVE-2023-31469 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →