Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-34189

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.

Published

2023-07-25T08:15:10.077

Last Modified

2025-02-13T17:16:34.990

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-668

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	inlong	≤ 1.7.0	Yes

References

http://www.openwall.com/lists/oss-security/2023/07/25/2 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2023/07/25/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)