CVE-2023-31454

2023-05-2214:15:09

CWE-732

[email protected]

web.nvd.nist.gov

cve-2023-31454

apache inlong

permission assignment

vulnerability

security advisory

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

61.3%

JSON

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.

The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it.[1]

https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947

Affected configurations

Vulners

NVD

Node

apacheinlongRange≤1.6.0

CPENameOperatorVersion
apache:inlongapache inlongle1.6.0

CPE	Name	Operator	Version
apache:inlong	apache inlong	le	1.6.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache InLong",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.6.0",
        "status": "affected",
        "version": "1.2.0",
        "versionType": "semver"
      }
    ]
  }
]