About CVE-2023-46365: Hard Code value vs access privileges control! (2nd May 2023)

Preface: In order to avoid vulnerabilities, cloud service providers have their hands full!

Background: StreamPark was open-sourced under the name StreamX in April 2021, renamed StreamPark in August 2022, and then formally became an incubation project of the Apache Open Source Software Foundation through voting in September.
StreamPark is a streaming application development framework. Aimed at making it easy to build and manage streaming applications, StreamPark provides a development framework for writing stream-processing applications with Apache Flink and Apache Spark.
Apache Spark and Apache Flink are two of the most popular tools used for machine learning and data science.
Known for its speed and scalability, Apache Spark can handle a wide variety of workloads, including batch processing, stream processing, and machine learning. On the other hand, Apache Flink is designed for real-time data processing and optimized for low latency and high throughput.

Vulnerability details: Apache StreamPark (incubating): Logic error causing any account reset.


Affected products: Apache StreamPark 1.0.0 before 2.0.0


Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2022-46365
