Platform
java
Component
org.apache.streampipes:streampipes-parent
Fixed in
0.95.2
0.97.0
CVE-2024-24778 describes a privilege escalation vulnerability within Apache StreamPipes, affecting versions up to 0.95.1. This flaw allows registered users to access resources they shouldn't, potentially leading to unauthorized data exposure or manipulation. The vulnerability stems from improper privilege management in the REST interface. A fix is available in version 0.97.0.
An attacker exploiting this vulnerability could leverage their registered user account to gain access to sensitive data or functionalities within Apache StreamPipes that are normally restricted. By knowing the ID of a protected resource, an attacker can bypass access controls and retrieve or modify data without proper authorization. The potential impact includes data breaches, system configuration changes, and disruption of StreamPipes operations. While the vulnerability requires knowledge of resource IDs, the ease of discovery could broaden the attack surface.
CVE-2024-24778 was published on 2025-03-03. As of this date, there are no publicly known proof-of-concept exploits. The vulnerability's severity is rated as MEDIUM. It is not currently listed on the CISA KEV catalog. Public exploitation is not confirmed, but the ease of exploitation warrants monitoring.
Exploit Status
EPSS
0.14% (35th percentile)
CVSS Vector
The primary mitigation for CVE-2024-24778 is to upgrade Apache StreamPipes to version 0.97.0 or later, which includes the necessary fixes. If an immediate upgrade is not feasible, consider implementing stricter access controls within StreamPipes to limit the potential impact of unauthorized access. Review and audit existing resource access permissions to ensure they adhere to the principle of least privilege. While a WAF might offer some protection, it's unlikely to be effective without specific rules tailored to this vulnerability.
Update Apache StreamPipes to version 0.97.0 or later. This version fixes the privilege escalation vulnerability. Updating will prevent unauthorized users from accessing resources they should not have access to.
CVE-2024-24778 is a medium-severity vulnerability in Apache StreamPipes versions up to 0.95.1 that allows registered users to access unauthorized resources if the resource ID is known, potentially leading to data breaches.
You are affected if you are running Apache StreamPipes version 0.95.1 or earlier. Upgrade to version 0.97.0 to resolve this issue.
Upgrade Apache StreamPipes to version 0.97.0 or later. If an upgrade is not immediately possible, implement stricter access controls and review existing permissions.
As of 2025-03-03, there are no confirmed reports of active exploitation, but the vulnerability's nature warrants monitoring.
Refer to the Apache StreamPipes security advisories on their official website for the latest information and updates regarding CVE-2024-24778.
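As an added example, not part of this advisory or of the StreamPipes project, the following Python script scans a pom.xml for org.apache.streampipes coordinates (including the streampipes-parent declared as the build parent), resolves ${property} versions, and flags anything at or below 0.95.1, the range stated above. The sample pom and the artifact name example-module are constructed; an inherited version that cannot be resolved locally is reported as unknown rather than guessed.

```python
import re
import xml.etree.ElementTree as ET

# Coordinates and version boundary are those stated in the advisory above.
AFFECTED_GROUP = "org.apache.streampipes"
LAST_AFFECTED = (0, 95, 1)  # "affecting versions up to 0.95.1"
NS = "{http://maven.apache.org/POM/4.0.0}"

def parse_version(text):
    """'0.95.1' or '0.95.2-SNAPSHOT' -> (0, 95, 1) / (0, 95, 2) for tuple comparison."""
    return tuple(int(p) for p in text.split("-")[0].split(".") if p.isdigit())

def is_affected(version):
    """True when the version lies in the range the advisory names (<= 0.95.1)."""
    return parse_version(version) <= LAST_AFFECTED

def resolve(value, props):
    """Substitute ${property} references using the pom's <properties> block."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def scan_pom(pom_xml):
    """Return (artifactId, version, affected) for every org.apache.streampipes entry;
    affected is None when the version is inherited and cannot be resolved locally."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.replace(NS, ""): (p.text or "").strip()
             for p in root.findall(NS + "properties/*")}
    # Include <parent>: streampipes-parent itself is the component named in the advisory.
    entries = root.findall(NS + "parent") + root.findall(".//" + NS + "dependency")
    results = []
    for dep in entries:
        if dep.findtext(NS + "groupId", "") != AFFECTED_GROUP:
            continue
        artifact = dep.findtext(NS + "artifactId", "")
        version = resolve(dep.findtext(NS + "version", "").strip(), props)
        results.append((artifact, version, is_affected(version) if version else None))
    return results

# Constructed sample pom.xml: a vulnerable parent, a dependency pinned to a fixed
# version via a property, and a hypothetical module whose version is inherited.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>org.apache.streampipes</groupId><artifactId>streampipes-parent</artifactId>
    <version>0.95.1</version></parent>
  <properties><sp.version>0.97.0</sp.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.streampipes</groupId><artifactId>streampipes-client</artifactId>
      <version>${sp.version}</version></dependency>
    <dependency><groupId>org.apache.streampipes</groupId><artifactId>example-module</artifactId>
    </dependency>
  </dependencies>
</project>"""
```

Running `scan_pom(SAMPLE_POM)` reports the 0.95.1 parent as affected, the 0.97.0 client as fixed, and the inherited-version module as unknown, which is the case to resolve against the effective pom before concluding you are clear.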