Primary

Context

Ververica Platform Broken Access Control Vulnerability in SQL Connectors

Vulnerability

A broken access control vulnerability has been identified in Ververica Platform version 2.14.0. This vulnerability allows low-privileged users to access SQL connectors by sending a direct request to the namespaces/default/formats endpoint. Normally, this feature is hidden from users with lower privileges.

Impact

Exploitation of this vulnerability allows low-privileged users to access administrative functions related to SQL connectors, which could lead to unauthorized data manipulation or access.

Reproduction

To reproduce this vulnerability, a low-privileged user can send a request to the namespaces/default/formats endpoint. This request will bypass the access controls and grant access to the SQL connectors feature, which is typically restricted.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ververica Platform Broken Access Control Vulnerability in SQL Connectors

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating