GitHub Advisory DatabaseGHSA-H79M-5CM2-278CUser data exposure in Apache InLong
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.8%
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users’ data. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.inlong | manager-web | * | cpe:2.3:a:org.apache.inlong:manager-web:*:*:*:*:*:*:*:* |
| org.apache.inlong | manager-service | * | cpe:2.3:a:org.apache.inlong:manager-service:*:*:*:*:*:*:*:* |
| org.apache.inlong | manager-pojo | * | cpe:2.3:a:org.apache.inlong:manager-pojo:*:*:*:*:*:*:*:* |
| org.apache.inlong | manager-dao | * | cpe:2.3:a:org.apache.inlong:manager-dao:*:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.8%