CVE-2023-31098 – org.apache.inlong:manager-pojo
Package
Manager: maven
Name: org.apache.inlong:manager-pojo
Vulnerable Version: >=1.1.0 <1.47.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00169 (percentile: 0.38587)
Details
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to resolve the issue.
Metadata
Created: 2023-07-06T21:14:59Z
Modified: 2023-07-06T23:43:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-w3wr-gmwf-r333/GHSA-w3wr-gmwf-r333.json
CWE IDs: ["CWE-521"]
Alternative ID: GHSA-w3wr-gmwf-r333
Finding: F053
Auto approve: 1