org.apache.inlong is vulnerable to Privilege Escalation. The vulnerability exists because the library does not properly remove the permission when deleting a user, allowing an attacker with a valid (but unprivileged) account to send malicious login requests and follow it with a subsequent HTTP request using the returned cookie.