Apache StreamPark Hard-Coded Encryption Key Vulnerability

Vulnerability

A vulnerability exists in Apache StreamPark versions from 2.0.0 up to, but not including, 2.1.7: the software uses a fixed encryption key that is either hard-coded or generated directly from user passwords. Attackers can recover such keys through reverse engineering, code leaks, or password guessing, and then decrypt sensitive data or forge encrypted information. The result is unauthorized access to sensitive information or systems.
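The key-handling weakness described above, set beside a safer pattern, as an added example: this is not StreamPark's code and not the 2.1.7 fix, and the function names, sample password and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumption: work factor, tune for your hardware


def weak_key_from_password(password: str) -> bytes:
    """Flawed pattern: the key is a fast, unsalted function of the password
    alone, so it is as fixed as a hard-coded constant for that password."""
    return hashlib.sha256(password.encode("utf-8")).digest()[:16]


def new_random_key() -> bytes:
    """Preferred: a 256-bit key from the OS CSPRNG, created per deployment and
    kept outside the code base (secret manager, KMS, protected config)."""
    return secrets.token_bytes(32)


def derive_key(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """If a key must come from a password: random salt plus a slow KDF.
    The salt is not secret and is stored next to the ciphertext."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS, dklen=32)
    return key, salt


def compare_deployments(password: str) -> dict:
    """Model two independent installs that share one user password and report
    whether each scheme hands both installs the same key."""
    salted_a, salt_a = derive_key(password)
    salted_b, _ = derive_key(password)
    rederived, _ = derive_key(password, salt_a)  # decrypt path reuses stored salt
    return {
        "weak_shared": hmac.compare_digest(
            weak_key_from_password(password), weak_key_from_password(password)),
        "salted_shared": hmac.compare_digest(salted_a, salted_b),
        "salted_reproducible": hmac.compare_digest(salted_a, rederived),
        "random_shared": hmac.compare_digest(new_random_key(), new_random_key()),
    }


if __name__ == "__main__":
    # Constructed sample password, not taken from any real system.
    for name, value in compare_deployments("Spring2025!").items():
        print(f"{name}: {value}")
```

A salted, slow KDF only raises the cost of guessing a weak password; a random key held outside the code base removes the dependency on password strength entirely.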

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of sensitive data, allowing for information disclosure or unauthorized access to systems.

Remediation

Users are advised to upgrade to Apache StreamPark version 2.1.7, which addresses this vulnerability.

Added: Dec 12, 2025, 4:21 PM
Updated: Dec 12, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 3.1
exploitability: 7.0
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.