Lucene search

[email protected]NVD:CVE-2023-31066

HistoryMay 22, 2023 - 4:15 p.m.

CVE-2023-31066

2023-05-2216:15:10

CWE-552

[email protected]

web.nvd.nist.gov

apache inlong

vulnerability

external parties

files accessible

upgrade

patch

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others’ sources! Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.

Affected configurations

Nvd

Node

apacheinlongRange1.4.0–1.6.0

VendorProductVersionCPE
apacheinlong*cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	inlong	*	cpe:2.3:a:apache:inlong::::::::

References

lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

Related for NVD:CVE-2023-31066

huntr1 osv2 prion1 cve1 cnvd1 veracode1 cvelist1 github1