Lucene search

GoogleOSV:GHSA-757P-7HP5-PQMR

HistoryJul 06, 2023 - 9:14 p.m.

Apache InLong Insufficient Session Expiration vulnerability

2023-07-0621:14:59

Google

osv.dev

apache inlong

session expiration

vulnerability

upgrade

github pull requests

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.003

Percentile

65.3%

JSON

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 or https://github.com/apache/inlong/pull/7884 to solve it.

References

github.com/apache/inlong

github.com/apache/inlong/pull/7836

github.com/apache/inlong/pull/7884

lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf

nvd.nist.gov/vuln/detail/CVE-2023-31065

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.003

Percentile

65.3%

JSON

Related for OSV:GHSA-757P-7HP5-PQMR