CVE-2022-46365

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type Values Removed Values Added
References () https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h - Mailing List () https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h - Mailing List

09 May 2023, 18:04

Type Values Removed Values Added
CPE cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*
CWE CWE-20 NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
References (MISC) https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h - (MISC) https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h - Mailing List

01 May 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-01 15:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46365

Mitre link : CVE-2022-46365

CVE.ORG link : CVE-2022-46365


JSON object : View

Products Affected

apache

  • streampark
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo