{"schema_version": "1.6.1", "id": "CVE-2023-31469", "summary": "Privilege escalation through non-admin user", "details": "\nA REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.\nThe issue is resolved by upgrading to StreamPipes 0.92.0.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.69.0"}, {"last_affected": "0.69.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/c4y8kf9bzpf36v4bottfmd8tc9cxo19m"}]}