Lucene search
GitHub Advisory DatabaseGHSA-WJ6Q-CHPV-MCRXHistoryOct 16, 2023 - 9:30 a.m.
Insufficient Verification of Data Authenticity in Apache InLong
2023-10-1609:30:19
CWE-345
GitHub Advisory Database
github.com
8
apache inlong
data authenticity
vulnerability
upgrade
user data
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
General user can view all user data like Admin account.
Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it.
Affected configurations
Node
org.apache.inlonginlongRange1.4.0–1.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.inlong | inlong | * | cpe:2.3:a:org.apache.inlong:inlong:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2023-43666
2023-10-16 09:15:10
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-10-16 09:15:00
cve
cve
CVE-2023-43666
2023-10-16 09:15:10
osv
osv
Insufficient Verification of Data Authenticity in Apache InLong
2023-10-16 09:30:19
cnvd
cnvd
Apache InLong Data Forgery Issue Vulnerability
2023-10-19 00:00:00
veracode
veracode
Information Disclosure
2023-10-17 20:09:15
vulnrichment
vulnrichment
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Related for GHSA-WJ6Q-CHPV-MCRX