CVE-2024-29120

CVSS v3 Score: 5.9 (Medium)

Vulnerability Description

In Streampark (version < 2.1.4), when a user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. A user can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4.

CVSS:5.9(Medium)

Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.

CVSS:5.7(Medium)

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

CVSS:5.5(Medium)

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information t...

CVSS:5.5(Medium)

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map...

CVSS:5.5(Medium)

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logo...

CVSS:5.5(Medium)

A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. Thi...