Lucene search
ApacheCVE-2023-43666HistoryOct 16, 2023 - 9:15 a.m.
CVE-2023-43666
2023-10-1609:15:10
CWE-345
apache
web.nvd.nist.gov
30
cve-2023-43666
apache
inlong
vulnerability
data authenticity
upgrade
nvd
security
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
General user can view all user data like Admin account.
Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it.
Affected configurations
Node
apacheinlongRange1.4.0–1.8.0
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache InLong",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
]Related
github
github
Insufficient Verification of Data Authenticity in Apache InLong
2023-10-16 09:30:19
nvd
nvd
CVE-2023-43666
2023-10-16 09:15:10
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-10-16 09:15:00
osv
osv
Insufficient Verification of Data Authenticity in Apache InLong
2023-10-16 09:30:19
cnvd
cnvd
Apache InLong Data Forgery Issue Vulnerability
2023-10-19 00:00:00
veracode
veracode
Information Disclosure
2023-10-17 20:09:15
vulnrichment
vulnrichment
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Related for CVE-2023-43666