Lucene search

GoogleOSV:GHSA-WJ6Q-CHPV-MCRX

HistoryOct 16, 2023 - 9:30 a.m.

Insufficient Verification of Data Authenticity in Apache InLong

2023-10-1609:30:19

Google

osv.dev

apache inlong

data authenticity

unauthorized access

upgrade

pull request

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,

General user can view all user data like Admin account.

Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/8623

References

github.com/apache/inlong/pull/8623

lists.apache.org/thread/scbgh3ty3xcxm3q33r2t9f42gwwo1why

nvd.nist.gov/vuln/detail/CVE-2023-43666

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for OSV:GHSA-WJ6Q-CHPV-MCRX