We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | apache |
Reserved | 2024-05-04 |
Published | 2024-07-22 |
Updated | 2024-09-11 |
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4
CWE-639 Authorization Bypass Through User-Controlled Key
L0ne1y
https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j
https://www.openwall.com/lists/oss-security/2024/07/22/2