A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.

Affected Packages

Maven org.apache.streampipes:streampipes-parent

Affected versions: 0.69.0 (fixed in 0.92.0)

Related CVEs

CVE-2023-31469

Key Information

GHSA ID

GHSA-pm73-x2h5-cmj3

Published

June 23, 2023 9:30 AM

Last Modified

July 5, 2023 5:16 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.streampipes:streampipes-parent

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.