2024-07-22 09:48:23
apache
PUBLISHED
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyones user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4