CVE-2023-31064 – org.apache.inlong:manager-workflow

Package

Manager: maven
Name: org.apache.inlong:manager-workflow
Vulnerable Version: >=1.2.0 <1.7.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00189 pctl0.41049

Details

Apache InLong has Files or Directories Accessible to External Parties Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0.The user in InLong could cancel an application that doesn't belong to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it.

Metadata

Created: 2023-07-06T21:14:59Z
Modified: 2023-07-06T23:27:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-3p9p-59qf-mqwh/GHSA-3p9p-59qf-mqwh.json
CWE IDs: ["CWE-552"]
Alternative ID: GHSA-3p9p-59qf-mqwh
Finding: F123
Auto approve: 1