{"id":"CVE-2024-29120","details":"In Streampark (version \u003c 2.1.4), when a user logged in successfully, the Backend service would return \"Authorization\" as the front-end authentication credential.  User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. \n\nMitigation:\n\nall users should upgrade to 2.1.4","aliases":["GHSA-hcf8-5j78-887v"],"modified":"2026-03-14T12:28:11.168092Z","published":"2024-07-17T15:15:14.090Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/07/17/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/incubator-streampark","events":[{"introduced":"6788ebae61d2f6d5122572229ce0a3a2555cc46d"},{"fixed":"c3c468c9192dd87b4ae430a41735bde7a391dfba"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.1.4"}]}}],"versions":["v2.0.0","v2.0.0-rc7","v2.1.0","v2.1.0-rc1","v2.1.1","v2.1.1-rc1","v2.1.2","v2.1.2-rc1","v2.1.2-rc2","v2.1.2-rc3","v2.1.2-rc4","v2.1.3","v2.1.3-rc1","v2.1.4-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29120.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}