CNNVD-202601-024 Information
CNNVD ID
CNNVD-202601-024
Related CVE
- CNNVD Published: 2026-01-01
Description (Chinese)
Apache StreamPipes是美国阿帕奇(Apache)基金会的一个自助式(工业)物联网工具箱,使非技术用户能够连接、分析和探索 IIoT 数据流。 Apache StreamPipes 0.97.0及之前版本存在安全漏洞,该漏洞源于用户ID创建机制存在缺陷,可能导致权限提升。
Description (English)
Apache StreamPipes is a self-service (industrial) networking toolbox of the Apache Foundation in the United States, which enables non-technical users to connect, analyse and explore IIOT data flows. There is a security loophole in Apache StreamPipes 0.97.0 and earlier versions, which stems from deficiencies in the user-ID creation mechanism, which may lead to enhanced privileges.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2026-01-01
Last Modified
2026-02-24
References
https://lists.apache.org/thread/lngko4ht2ok3o0rk9h0clgm4kb0lmt36 http://www.openwall.com/lists/oss-security/2025/12/29/14
Patch
https://lists.apache.org/thread/lngko4ht2ok3o0rk9h0clgm4kb0lmt36
Share on: