CVE-2023-31066

2023-05-2216:15:10

CWE-552

[email protected]

web.nvd.nist.gov

cve-2023-31066

apache inlong

vulnerability

external parties

access

files

directories

security fix

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others’ sources! Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.

Affected configurations

Vulners

NVD

Node

apacheinlongRange≤1.6.0

CPENameOperatorVersion
apache:inlongapache inlongle1.6.0

CPE	Name	Operator	Version
apache:inlong	apache inlong	le	1.6.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache InLong",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.6.0",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "semver"
      }
    ]
  }
]