Security Advisory

CVE-2024-34457

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-22 09:48:23
Last updated 2024-11-04 21:27:42
Assigner apache
State PUBLISHED

Description

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user Flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4.