CVE-2022-46365
Last modified
CVE-2022-46365 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. . EPSS estimates a 1.47% chance of exploitation in the next 30 days.
Description
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Streampark | >= 1.0.0, < 2.0.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-46365?
How severe is CVE-2022-46365?
How do I fix CVE-2022-46365?
Are you affected by CVE-2022-46365?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST