{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T01:59:10.653","vulnerabilities":[{"cve":{"id":"CVE-2024-34457","sourceIdentifier":"security@apache.org","published":"2024-07-22T10:15:03.607","lastModified":"2024-11-21T09:18:43.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache StreamPark versions before 2.1.4, a regular user who has successfully logged in can manually send a request with their authorization token to view every user's Flink information, including executeSQL and config.\n\nMitigation:\n\nAll users should upgrade to 2.1.4."},{"lang":"es","value":"En las versiones de Apache StreamPark anteriores a la 2.1.4, un usuario normal que haya iniciado sesión correctamente puede enviar manualmente una solicitud con su token de autorización para ver la información de Flink de todos los usuarios, incluidos executeSQL y config. Mitigación: todos los usuarios deben actualizar a la versión 2.1.4."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@n
ist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.4","matchCriteriaId":"43F40411-3380-4B0F-BA0D-18C85BD8C615"}]}]}],"references":[{"url":"https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2024/07/22/2","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/22/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}