216.73.217.98

CVE-2024-29120

· Published 17/07/2024 15:15 · Modified 17/07/2024 16:15

Labels: CVE-2024-29120 2024-07-17CVE-2024-29120CWE-212[email protected]

Essential information

Published
17/07/2024 15:15
Modified
17/07/2024 16:15
Author
Creator
CISA KEV
No
CWE

Description

In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc.  Mitigation: all users should upgrade to 2.1.4

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References