Primary

Context

Apache StreamPark Hard-Coded Key Vulnerability Allowing Information Disclosure and Unauthorized Access

Vulnerability

Patched

A vulnerability exists in Apache StreamPark versions 2.0.0 prior to 2.1.7, due to the use of a hard-coded encryption key. This fixed key can be extracted through reverse engineering or code analysis, potentially allowing attackers to decrypt sensitive data or forge encrypted information. Such actions could lead to unauthorized access to the system or disclosure of confidential information.

Impact

Exploitation of this vulnerability could result in the decryption of sensitive data or the forging of encrypted information, causing unauthorized access to the system or disclosure of confidential information.

Remediation

Users are advised to upgrade to Apache StreamPark version 2.1.7, which addresses this vulnerability.

Added: Dec 12, 2025, 3:17 PM

Updated: Dec 12, 2025, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache StreamPark Hard-Coded Key Vulnerability Allowing Information Disclosure and Unauthorized Access

Vulnerability

Impact

Remediation

Affected Products

Apache StreamPark

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating