Apache InLong has Files or Directories Accessible to External Parties in Apache InLong

2023-07-0621:14:59

CWE-552

GitHub Advisory Database

github.com

apache inlong

external parties

files

directories

vulnerability

software foundation

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.003

Percentile

70.8%

JSON

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others’ sources. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to solve it.

Affected configurations

Vulners

Node

org.apache.inlongmanager-webRange1.4.0–1.7.0

org.apache.inlongmanager-serviceRange1.4.0–1.7.0

VendorProductVersionCPE
org.apache.inlongmanager-web*cpe:2.3:a:org.apache.inlong:manager-web:*:*:*:*:*:*:*:*
org.apache.inlongmanager-service*cpe:2.3:a:org.apache.inlong:manager-service:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.inlong	manager-web	*	cpe:2.3:a:org.apache.inlong:manager-web::::::::
org.apache.inlong	manager-service	*	cpe:2.3:a:org.apache.inlong:manager-service::::::::