Lucene search

GitHub Advisory DatabaseGHSA-W3WR-GMWF-R333

HistoryJul 06, 2023 - 9:14 p.m.

Apache InLong has Weak Password Requirements in Apache InLong

2023-07-0621:14:59

CWE-521

GitHub Advisory Database

github.com

apache inlong

weak password requirements

vulnerability

upgrade

fix

github repository

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.04

Percentile

92.1%

JSON

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user’s password and access the account. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.

Affected configurations

Vulners

Node

org.apache.inlongmanager-pojoRange1.1.0–1.7.0

VendorProductVersionCPE
org.apache.inlongmanager-pojo*cpe:2.3:a:org.apache.inlong:manager-pojo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.inlong	manager-pojo	*	cpe:2.3:a:org.apache.inlong:manager-pojo::::::::

References

github.com/advisories/GHSA-w3wr-gmwf-r333

github.com/apache/inlong/pull/7805

lists.apache.org/thread/1fvloc3no1gbffzrcsx9ltsg08wr2d1w

nvd.nist.gov/vuln/detail/CVE-2023-31098

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.04

Percentile

92.1%

JSON

Related for GHSA-W3WR-GMWF-R333