Skip to main content

Streampipes

7 CVEs product

Monthly

CVE-2025-47411 Maven HIGH PATCH This Week

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. [CVSS 8.1 HIGH]

Apache Streampipes
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-24778 LIB MEDIUM PATCH This Month

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.95.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Streampipes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31411 LIB HIGH PATCH This Week

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache File Upload Streampipes
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-31979 LIB MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Apache Streampipes
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-30471 LIB LOW PATCH Monitor

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Streampipes
NVD
CVSS 3.1
3.7
EPSS
0.7%
CVE-2024-29868 Maven CRITICAL POC PATCH Act Now

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Streampipes
NVD
CVSS 3.1
9.1
EPSS
6.0%
CVE-2023-31469 Maven HIGH PATCH This Week

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Streampipes
NVD
CVSS 3.1
8.8
EPSS
1.1%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. [CVSS 8.1 HIGH]

Apache Streampipes
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.95.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Streampipes
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache File Upload +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Apache Streampipes
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Streampipes
NVD
EPSS 6% CVSS 9.1
CRITICAL POC PATCH Act Now

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Streampipes
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Streampipes
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy