6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-24778

GHSA ID

GHSA-vm7w-2724-5m23

EPSS Score

0.16681%

CWE

CWE-269

Published

3/3/2025

Updated

3/3/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-24778

CVE-2024-24778: Apache StreamPipes has improper privilege management in a REST interface

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known.

This issue affects Apache StreamPipes: through 0.95.1.

Users are recommended to upgrade to version 0.97.0 which fixes the issue.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-24778

CVE-2024-24778:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-24778

GHSA ID

GHSA-vm7w-2724-5m23

EPSS Score

0.16681%

CWE

CWE-269

Published

3/3/2025

Updated

3/3/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.streampipes:streampipes-parent	maven	< 0.97.0	0.97.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing authorization checks in REST endpoints handling resource access by ID. The descriptions indicate that authenticated users could access unauthorized resources by knowing the ID, suggesting insufficient privilege validation in functions responsible for fetching resources. The functions listed are common candidates for such flaws in RESTful systems. Confidence is medium due to the lack of explicit patch details, but the pattern aligns with CWE-269 and the described attack vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-24778: Apache StreamPipes has improper privilege management in a REST interface

CVE-2024-24778:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2024-24778: Apache StreamPipes has improper privilege management in a REST interface

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

6.5

6.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI