漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache StreamPipes: Privilege escalation through non-admin user
Vulnerability Description
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Apache StreamPipes 安全漏洞
Vulnerability Description
Apache StreamPipes是美国阿帕奇(Apache)基金会的一个自助式(工业)物联网工具箱,使非技术用户能够连接、分析和探索 IIoT 数据流。 Apache StreamPipes 0.69.0 到0.91.0版本存在安全漏洞,该漏洞源于REST 接口未正确限制为仅限管理员访问,允许具有有效登录凭据的非管理员用户将权限提升到最初分配的角色之外。
CVSS Information
N/A
Vulnerability Type
N/A