CVE-2023-31454

Опубликовано: 22 мая 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.

The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1]

https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947

Ссылки

https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
Mailing List
Vendor Advisory
https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Версия от 1.2.0 (включая) до 1.6.0 (включая)

EPSS

Процентиль: 34%

0.00141

Низкий

7.5 High

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-rf76-whgp-fp56

CVSS3: 7.5

github

больше 2 лет назад

Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource

BDU:2023-02861

CVSS3: 9.8

fstec