Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yZjc2LXdoZ3AtZnA1Ns4AA0dq
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. An attacker can bind any cluster, even without being the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to resolve it.
Permalink: https://github.com/advisories/GHSA-rf76-whgp-fp56
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZjc2LXdoZ3AtZnA1Ns4AA0dq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.00231
EPSS Percentile: 0.60767
Identifiers: GHSA-rf76-whgp-fp56, CVE-2023-31454
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-31454
- https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
- https://github.com/apache/inlong/pull/7947
- https://github.com/advisories/GHSA-rf76-whgp-fp56
Blast Radius: 11.6
Affected Packages
maven:org.apache.inlong:manager-service
Dependent packages: 3
Dependent repositories: 35
Downloads:
Affected Version Ranges: >= 1.2.0, < 1.7.0
Fixed in: 1.7.0
All affected versions: 1.3.0, 1.4.0, 1.5.0, 1.6.0
All unaffected versions: 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 2.0.0