CVE-2024-29120

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29120

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29120.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-29120

Aliases

GHSA-hcf8-5j78-887v

Published

2024-07-17T15:15:14Z

Modified

2025-07-01T15:47:04.395772Z

Summary

[none]

Details

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc.

Mitigation:

all users should upgrade to 2.1.4

References

Affected packages

Git / github.com/apache/incubator-streampark

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-streampark
Events: Introduced

6788ebae61d2f6d5122572229ce0a3a2555cc46d

Fixed

c3c468c9192dd87b4ae430a41735bde7a391dfba

Affected versions

v2.*

v2.0.0

v2.0.0-rc7

v2.1.0

v2.1.0-rc1

v2.1.1

v2.1.1-rc1

v2.1.2

v2.1.2-rc1

v2.1.2-rc2

v2.1.2-rc3

v2.1.2-rc4

v2.1.3

v2.1.3-rc1

v2.1.4-rc1