Apache StreamPipes Self-Registration TOCTOU Race Condition (0.93.0)
CVE-2024-30471 Published on July 17, 2024

Apache StreamPipes: Potential creation of multiple identical accounts
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-30471 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a TOCTTOU Vulnerability?

The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.

CVE-2024-30471 has been classified to as a TOCTTOU vulnerability or weakness.


Products Associated with CVE-2024-30471

Want to know whenever a new CVE is published for Apache Streampipes? stack.watch will email you.

Apache Streampipes
 

Affected Versions

Apache Software Foundation Apache StreamPipes: apache streampipes:

Exploit Probability

EPSS
1.05%
Percentile
77.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.