CVE-2024-29120

5.9 MEDIUM

📋 TL;DR

This vulnerability in Streampark versions before 2.1.4 allows authenticated users to access other users' sensitive information, including administrator credentials, by reusing the authentication token returned after login. It affects all Streampark deployments running vulnerable versions where user authentication is enabled.

💻 Affected Systems

Products:
  • Apache Streampark
Versions: All versions before 2.1.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments with user authentication enabled. The vulnerability exists in the authentication token handling mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could obtain administrator credentials and gain full control over the Streampark system, potentially leading to data theft, system compromise, or lateral movement within the network.

🟠 Likely Case

Authenticated users can access sensitive information of other users, including passwords and salt values, which could lead to credential theft and privilege escalation.

🟢 If Mitigated

With proper network segmentation and access controls, the impact is limited to the Streampark application itself, though credential exposure remains a significant risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid user account to obtain the initial authentication token, after which the attack is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.4

Vendor Advisory: https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download Streampark 2.1.4 from official Apache repositories.
3. Stop the Streampark service.
4. Replace the installation with version 2.1.4.
5. Restart the Streampark service.
6. Verify the upgrade was successful.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to Streampark to only trusted users and systems

Authentication Monitoring

all

Implement enhanced logging and monitoring for authentication events and unusual user information access patterns

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Streampark interface
  • Monitor authentication logs for unusual patterns and implement alerting for suspicious user information access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Streampark version in the web interface or configuration files. If the version is earlier than 2.1.4, the system is vulnerable.

Check Version:

Check the version in the Streampark web interface or examine the application configuration files for version information.

Verify Fix Applied:

After upgrading, verify the version shows 2.1.4 or higher in the web interface or configuration.

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication requests from the same user in a short time
  • User information access patterns that don't match normal behavior
  • Access to user endpoints with user IDs that differ from the authenticated user's

Network Indicators:

  • Unusual API calls to user information endpoints
  • Multiple requests to /api/user/* endpoints from single source

SIEM Query:

source="streampark" AND (event_type="authentication" OR endpoint="/api/user/*") | stats count by user, endpoint
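
The log indicator above about user endpoints being requested with an ID other than the authenticated user's can be checked offline against exported request logs. The following is an added example, not code from Streampark or its advisory; the JSON field names (`src`, `auth_user_id`, `path`), the `/api/user/<id>` path shape and the sample records are assumptions constructed for illustration and must be mapped to your own log schema.

```python
import json
import re
from collections import defaultdict

# Constructed sample records (not real Streampark logs). Field names and the
# /api/user/<id> path shape are assumptions; adapt them to your log schema.
SAMPLE_LOG = """\
{"ts": "2024-07-01T10:00:01Z", "src": "10.0.0.5", "auth_user_id": 7, "path": "/api/user/7"}
{"ts": "2024-07-01T10:00:02Z", "src": "10.0.0.5", "auth_user_id": 7, "path": "/api/user/1"}
{"ts": "2024-07-01T10:00:03Z", "src": "10.0.0.5", "auth_user_id": 7, "path": "/api/user/2"}
{"ts": "2024-07-01T10:00:04Z", "src": "10.0.0.9", "auth_user_id": 3, "path": "/api/user/3"}
{"ts": "2024-07-01T10:00:05Z", "src": "10.0.0.9", "auth_user_id": 3, "path": "/api/other/list"}
not-json garbage line
"""

# Matches /api/user/<numeric id>, optionally followed by a sub-path or query.
USER_PATH = re.compile(r"^/api/user/(\d+)(?:[/?]|$)")


def find_cross_user_access(log_text, min_distinct_targets=1):
    """Return {(src, auth_user_id): sorted target IDs} for sessions that
    requested /api/user/<id> with an ID other than their own."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict) or rec.get("auth_user_id") is None:
            continue  # unauthenticated or unusable record
        m = USER_PATH.match(str(rec.get("path", "")))
        if not m:
            continue  # not a user-information endpoint
        # Compare as strings so numeric and string IDs in the log both work.
        if m.group(1) != str(rec["auth_user_id"]):
            key = (rec.get("src"), rec["auth_user_id"])
            targets[key].add(int(m.group(1)))
    return {k: sorted(v) for k, v in targets.items()
            if len(v) >= min_distinct_targets}


if __name__ == "__main__":
    for (src, uid), ids in find_cross_user_access(SAMPLE_LOG).items():
        print(f"ALERT src={src} user={uid} requested other users' records: {ids}")
```

Raising `min_distinct_targets` limits alerts to sessions that touch several other users' records, which reduces noise if administrators legitimately view individual accounts.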
