Vulnerabilities > CVE-2024-34457 - Unspecified vulnerability in Apache Streampark
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 31 |