CVE-2023-31453 org.apache.inlong:manager-web

Package

Manager: maven
Name: org.apache.inlong:manager-web
Vulnerable Version: >=1.2.0 <1.7.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00184 (percentile: 0.40385)

Details

Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability

Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. An attacker can delete other users' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7949 to resolve the issue.

Metadata

Created: 2023-07-06T21:14:59Z
Modified: 2023-07-06T23:38:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-8rjh-3mhm-966q/GHSA-8rjh-3mhm-966q.json
CWE IDs: ["CWE-732"]
Alternative ID: GHSA-8rjh-3mhm-966q
Finding: F039
Auto approve: 1