CVE-2023-31454
HIGH7.5EPSS 0.61%Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
發布日:2023/7/6修改日:2024/2/16
描述
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.
受影響套件(1)
- Maven/org.apache.inlong:manager-service>= 1.2.0, < 1.7.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |