CVE-2023-34189

Опубликовано: 25 июл. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences.

Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.

Ссылки

http://www.openwall.com/lists/oss-security/2023/07/25/2
Mailing List
Third Party Advisory
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/07/25/2
Mailing List
Third Party Advisory
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Версия от 1.4.0 (включая) до 1.7.0 (включая)

EPSS

Процентиль: 29%

0.00107

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-668

Связанные уязвимости

GHSA-86pw-4rqp-6x7v