CVE-2022-46365: Apache StreamPark (incubating)

Severity: moderate

Description:
Logic error causing any account reset in Apache StreamPark

References:
-
-

Discussion Summary:

Louis Nyffenegger noted a security concern regarding the use of a hardcoded password value when resetting passwords, which could allow an attacker to hijack an account.

Huajie Wang responded:
- Clarified that the reset password operation is a super administrator function and is secure.
- The operation requires the annotation in the controller.

Follow-up from Huajie Wang:
- Acknowledged that the reset password is hardcoded and may cause security issues.
- Stated that the team started fixing the issue and will generate a random password to return.
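The hardcoded reset value raised in the discussion, beside the random-password approach the follow-up describes, as an added Java example that is not StreamPark's code. The class and method names, the in-memory user store and the placeholder password are assumptions constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class ResetPasswordExample {
    // Constructed placeholder, not the value used by any real project.
    static final String DEFAULT_PASSWORD = "ChangeMe-constructed";
    // Look-alike characters (I, O, l, 0, 1) are left out so the value can be read aloud.
    static final String ALPHABET =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    static final SecureRandom RNG = new SecureRandom();

    // Hypothetical in-memory user store: username -> current password.
    // A real service stores a salted hash, never the plaintext.
    static final Map<String, String> users = new HashMap<>();

    // Before: every reset leaves the account with the same known value,
    // so anyone who knows the constant can log in after a reset.
    static String resetHardcoded(String username) {
        users.put(username, DEFAULT_PASSWORD);
        return DEFAULT_PASSWORD;
    }

    // After: each reset draws a fresh value from a CSPRNG and returns it
    // once to the administrator who requested the reset.
    static String resetRandom(String username, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        }
        String generated = sb.toString();
        users.put(username, generated);
        return generated;
    }

    public static void main(String[] args) {
        users.put("alice", "old-a");
        users.put("bob", "old-b");
        // Hardcoded reset: both accounts end up sharing one credential.
        System.out.println("hardcoded values equal: "
            + resetHardcoded("alice").equals(resetHardcoded("bob")));
        // Random reset: 16 characters from 57 symbols, about 93 bits per value.
        String a = resetRandom("alice", 16);
        String b = resetRandom("bob", 16);
        System.out.println("random values equal: " + a.equals(b));
    }
}
```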