CVE-2024-30471

Source
https://cve.org/CVERecord?id=CVE-2024-30471
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30471.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-30471
Aliases
Published
2024-07-17T09:01:52.214Z
Modified
2026-07-15T01:49:07.931277928Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Apache StreamPipes: Potential creation of multiple identical accounts
Details

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Database specific
{
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-367"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "0.93.0"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "0.93.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30471.json"
}
References

Affected packages

Git / github.com/apache/streampipes

Affected ranges

Type
GIT
Repo
https://github.com/apache/streampipes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.95.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30471.json"