Vulnerability CVE-2024-34457


Published: 2024-07-22

Description:
In versions before 2.1.4, a regular user who has successfully logged in can reuse their own authorization token in a hand-crafted request and view every user's Flink job information, including executeSQL and config. The server verifies that the token belongs to a valid session but does not check that the caller owns, or is otherwise entitled to read, the records it returns, so a low-privilege account can read job definitions and configuration belonging to other users. Because Flink SQL statements and job configuration may embed connector endpoints and credentials, treat the issue as a potential secret disclosure, not just a privacy leak.
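The flaw described above, modelled as an added example in Python (this is not the project's code; the handler names, session store and sample job data are constructed for illustration): the vulnerable handlers accept any valid session token and return job records regardless of owner, while the fixed handlers add the object-level authorization check (owner or admin) whose absence the advisory describes.

```python
"""
Illustrative model of an authenticated-but-unauthorized read: a valid login
token is required, but the handler never checks that the caller owns the
Flink job record it returns, so any regular user reads every user's
executeSQL and config. Added example with constructed data; the names
authenticate, get_job_*, list_jobs_*, SESSIONS and JOBS are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    user_id: int
    username: str
    is_admin: bool = False


@dataclass(frozen=True)
class FlinkJob:
    job_id: int
    owner_id: int
    execute_sql: str
    config: dict = field(default_factory=dict)


class Unauthorized(Exception):
    """No valid session token was presented."""


class Forbidden(Exception):
    """Token is valid, but the caller may not access this record."""


# Constructed sample state standing in for the session store and job table.
SESSIONS = {
    "tok-alice": User(1, "alice"),
    "tok-bob": User(2, "bob"),
    "tok-admin": User(99, "admin", is_admin=True),
}
JOBS = {
    101: FlinkJob(101, owner_id=1,
                  execute_sql="INSERT INTO sink SELECT * FROM src",
                  config={"parallelism": "2"}),
    202: FlinkJob(202, owner_id=2,
                  execute_sql="INSERT INTO audit SELECT * FROM events",
                  # Secrets in job config are exactly what this flaw exposes.
                  config={"jdbc.password": "s3cret"}),
}


def authenticate(token: str) -> User:
    """Map a bearer token to a user; the only check the vulnerable path makes."""
    user = SESSIONS.get(token)
    if user is None:
        raise Unauthorized("invalid or expired token")
    return user


def _may_read(user: User, job: FlinkJob) -> bool:
    """Object-level authorization: owner or admin only."""
    return user.is_admin or job.owner_id == user.user_id


# --- Vulnerable handlers: authentication only, no authorization -------------

def get_job_vulnerable(token: str, job_id: int) -> FlinkJob:
    authenticate(token)          # any logged-in user passes
    return JOBS[job_id]          # no ownership check on job_id


def list_jobs_vulnerable(token: str) -> list:
    authenticate(token)
    return list(JOBS.values())   # returns everyone's jobs


# --- Fixed handlers: check the caller against each record -------------------

def get_job_fixed(token: str, job_id: int) -> FlinkJob:
    user = authenticate(token)
    job = JOBS.get(job_id)
    # Deny missing and foreign records identically so job_id cannot be enumerated.
    if job is None or not _may_read(user, job):
        raise Forbidden(f"user {user.username} may not read job {job_id}")
    return job


def list_jobs_fixed(token: str) -> list:
    user = authenticate(token)
    return [job for job in JOBS.values() if _may_read(user, job)]


def denied(handler, *args) -> bool:
    """True if the handler refuses the request with Forbidden."""
    try:
        handler(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # Alice (regular user) reading Bob's job: leaks only on the vulnerable path.
    print(get_job_vulnerable("tok-alice", 202).config)
    print(denied(get_job_fixed, "tok-alice", 202))
```

The fixed path does the authorization decision per record rather than per endpoint; a role check alone ("is this user logged in?") is what the vulnerable path already had, and is not enough when the resource identifier is caller-controlled.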

Mitigation:

All users should upgrade to version 2.1.4 or later.

Type:

CWE-269

(Improper Privilege Management)

References:
https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j

Copyright 2024, cxsecurity.com
