CVE-2023-31454

HIGH7.5EPSS 0.61%

Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource

Published: 7/6/2023Modified: 2/16/2024

Description

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.

Affected packages (1)

Maven/org.apache.inlong:manager-service>= 1.2.0, < 1.7.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-31454
PATCHhttps://github.com/apache/inlong
WEBhttps://github.com/apache/inlong/pull/7947
WEBhttps://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl