Lucene search

GitHub Advisory DatabaseGHSA-RF76-WHGP-FP56

HistoryJul 06, 2023 - 9:14 p.m.

Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource

2023-07-0621:14:59

CWE-732

GitHub Advisory Database

github.com

apache

inlong

vulnerability

permission assignment

critical resource

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.1%

JSON

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.

Affected configurations

Vulners

Node

org.apache.inlongmanager-serviceRange1.2.0–1.7.0

VendorProductVersionCPE
org.apache.inlongmanager-service*cpe:2.3:a:org.apache.inlong:manager-service:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.inlong	manager-service	*	cpe:2.3:a:org.apache.inlong:manager-service::::::::

References

github.com/advisories/GHSA-rf76-whgp-fp56

github.com/apache/inlong/pull/7947

lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl

nvd.nist.gov/vuln/detail/CVE-2023-31454

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.1%

JSON

Related for GHSA-RF76-WHGP-FP56