What is CVE-2024-29868?

CVE-2024-29868 is a vulnerability in Apache Software Foundation Streampipes, classified under Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Published 2024-06-24.

Is CVE-2024-29868 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Streampipes

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and th…

EPSS: 0.784 (99.1th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Streampipes — versions 0.69.0

Weakness classification (CWE)

CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Public proof-of-concept exploits

References

lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7 (vendor-advisory)

Frequently asked questions

What is CVE-2024-29868?: CVE-2024-29868 is a vulnerability in Apache Software Foundation Streampipes, classified under Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Published 2024-06-24.
Is CVE-2024-29868 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.