Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04NnB3LTRycXAtNng3ds4AA04A
Apache InLong: General user can delete and update process
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences.
Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Permalink: https://github.com/advisories/GHSA-86pw-4rqp-6x7vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NnB3LTRycXAtNng3ds4AA04A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.00091
EPSS Percentile: 0.40237
Identifiers: GHSA-86pw-4rqp-6x7v, CVE-2023-34189
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-34189
- https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
- https://github.com/apache/inlong/issues/8108
- https://github.com/apache/inlong/pull/8109
- http://www.openwall.com/lists/oss-security/2023/07/25/2
- https://github.com/advisories/GHSA-86pw-4rqp-6x7v
Blast Radius: 1.0
Affected Packages
maven:org.apache.inlong:inlong-manager
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 1.4.0, < 1.8.0
Fixed in: 1.8.0
All affected versions: 1.4.0, 1.5.0, 1.6.0, 1.7.0
All unaffected versions: 1.3.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 2.0.0