Lucene search

GitHub Advisory DatabaseGHSA-3P9P-59QF-MQWH

HistoryJul 06, 2023 - 9:14 p.m.

Apache InLong has Files or Directories Accessible to External Parties

2023-07-0621:14:59

CWE-552

GitHub Advisory Database

github.com

apache inlong

vulnerability

external parties

upgrade

security issue

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.1%

JSON

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0.The user in InLong could cancel an application that doesn’t belong to it. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it.

Affected configurations

Vulners

Node

org.apache.inlongmanager-workflowRange1.2.0–1.7.0

VendorProductVersionCPE
org.apache.inlongmanager-workflow*cpe:2.3:a:org.apache.inlong:manager-workflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.inlong	manager-workflow	*	cpe:2.3:a:org.apache.inlong:manager-workflow::::::::

References

github.com/advisories/GHSA-3p9p-59qf-mqwh

github.com/apache/inlong/pull/7799

lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00

nvd.nist.gov/vuln/detail/CVE-2023-31064

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.1%

JSON

Related for GHSA-3P9P-59QF-MQWH