CVE-2024-31979

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:14

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/16/11 -
References () https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y - Mailing List, Vendor Advisory () https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y - Mailing List, Vendor Advisory

25 Jul 2024, 13:38

Type Values Removed Values Added
References () https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y - () https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y - Mailing List, Vendor Advisory
Summary
  • (es) Vulnerabilidad de Server-Side Request Forgery (SSRF) en Apache StreamPipes durante el proceso de instalación de elementos de canalización. Anteriormente, StreamPipes permitía a los usuarios configurar endpoints personalizados desde los cuales instalar elementos de canalización adicionales. Estos endpoints no se validaron adecuadamente, lo que permitió que un atacante lograra que StreamPipes enviara una solicitud HTTP GET a una dirección arbitraria. Este problema afecta a Apache StreamPipes: hasta 0.93.0. Se recomienda a los usuarios actualizar a la versión 0.95.0, que soluciona el problema.
CPE cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
First Time Apache streampipes
Apache

17 Jul 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-17 09:15

Updated : 2024-11-21 09:14


NVD link : CVE-2024-31979

Mitre link : CVE-2024-31979

CVE.ORG link : CVE-2024-31979


JSON object : View

Products Affected

apache

  • streampipes
CWE
CWE-918

Server-Side Request Forgery (SSRF)