CVE-2023-31103

2023-05-2216:15:10

CWE-668

apache

web.nvd.nist.gov

cve-2023-31103

exposure vulnerability

apache software foundation

apache inlong

apache inlong 1.4.0

apache inlong 1.6.0

security upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.1%

JSON

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.
Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.

Affected configurations

Nvd

Vulners

Node

apacheinlongRange1.4.0–1.6.0

VendorProductVersionCPE
apacheinlong*cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	inlong	*	cpe:2.3:a:apache:inlong::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache InLong",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.6.0",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "semver"
      }
    ]
  }
]