Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 22 Jun 2023 20:12:03 +0000
From: Dominik Riemer <>
Subject: CVE-2023-31469: Apache StreamPipes: Privilege escalation through
 non-admin user 

Severity: important

Affected versions:

- Apache StreamPipes 0.69.0 through 0.91.0


A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.


Xun Bai, LJQC Open Source Security Institute (finder)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.