CVE-2024-31411 – Authenticated users in Apache StreamPipes can u... (How to Fix)

Q: What is the severity of CVE-2024-31411?

CVE-2024-31411 has a CVSS score of 8.8 (HIGH). Authenticated users in Apache StreamPipes can upload dangerous file types like executables, potentially leading to remote code execution. This affects all versions through 0.93.0. The vulnerability requires authentication but could allow attackers to compromise the system.

📋 TL;DR

Authenticated users in Apache StreamPipes can upload dangerous file types like executables, potentially leading to remote code execution. This affects all versions through 0.93.0. The vulnerability requires authentication but could allow attackers to compromise the system.

💻 Affected Systems

Products:

Apache StreamPipes

Versions: through 0.93.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects authenticated users with upload permissions.

📦 What is this software?

Streampipes by Apache

View all CVEs affecting Streampipes →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution, allowing attackers to execute arbitrary commands, steal data, or pivot to other systems.

🟠

Likely Case

Attackers with valid credentials upload malicious files to gain shell access or deploy malware on the StreamPipes server.

🟢

If Mitigated

With proper access controls and file validation, impact is limited to denial of service or data corruption from uploaded files.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires valid credentials and knowledge of upload functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.95.0

Vendor Advisory: https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt

Restart Required: Yes

Instructions:

1. Backup your StreamPipes configuration and data. 2. Download version 0.95.0 from Apache. 3. Stop the StreamPipes service. 4. Replace the installation with the new version. 5. Restart the service.

🔧 Temporary Workarounds

Restrict file upload types

all

Configure StreamPipes to only allow safe file extensions and implement server-side validation.

Implement WAF rules

all

Add web application firewall rules to block uploads of executable file types.

🧯 If You Can't Patch

Restrict user permissions to minimize who can upload files.
Monitor file upload activity and audit logs for suspicious uploads.

🔍 How to Verify

Check if Vulnerable:

Check StreamPipes version; if it's 0.93.0 or earlier, it's vulnerable.

Check Version:

Check the StreamPipes web interface or configuration files for version information.

Verify Fix Applied:

Confirm version is 0.95.0 or later and test file upload with dangerous types to ensure they're blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads, especially with executable extensions like .exe, .sh, .jar.

Network Indicators:

HTTP POST requests to upload endpoints with suspicious file types.

SIEM Query:

source="streampipes" AND (file_upload="*.exe" OR file_upload="*.sh" OR file_upload="*.jar")

📊 Metadata

CVE ID: CVE-2024-31411

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: July 17, 2024

Last Updated: November 21, 2024

🔗 References

https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt Mailing List,Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/07/16/10
https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt Mailing List,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-31411, you might also want to check these: