Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949

Published

2023-05-22T14:15:09.643

Last Modified

2024-11-21T08:01:53.757

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	inlong	≤ 1.6.0	Yes

References

https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06 Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)