CVE-2023-31454 – org.apache.inlong:manager-service
Package
Manager: maven
Name: org.apache.inlong:manager-service
Vulnerable Version: >=1.2.0 <1.7.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00141 (percentile: 0.3483)
Details
Apache InLong is vulnerable to Incorrect Permission Assignment for Critical Resource. This issue affects Apache InLong from 1.2.0 through 1.6.0. An attacker can bind any cluster, even without being the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to resolve it.
Metadata
Created: 2023-07-06T21:14:59Z
Modified: 2023-07-06T23:42:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-rf76-whgp-fp56/GHSA-rf76-whgp-fp56.json
CWE IDs: ["CWE-732"]
Alternative ID: GHSA-rf76-whgp-fp56
Finding: F039
Auto approve: 1