
CVE-2023-31066 org.apache.inlong:manager-web

Package

Manager: maven
Name: org.apache.inlong:manager-web
Vulnerable Version: >=1.4.0 <1.7.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00233 (percentile 0.46067)

Details

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to resolve it.

Metadata

Created: 2023-07-06T21:14:59Z
Modified: 2023-07-06T23:28:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-wx79-r3q8-fq9h/GHSA-wx79-r3q8-fq9h.json
CWE IDs: ["CWE-552"]
Alternative ID: GHSA-wx79-r3q8-fq9h
Finding: F123
Auto approve: 1