CVE-2023-31062 Apache InLong: Privilege escalation vulnerability for InLong
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...
CVE-2023-31062
CVE-2023-31062 documents an Apache InLong Privilege Escalation vulnerability (affected versions 1.2.0–1.6.0). The issue arises from improper privilege management, allowing an attacker who has a valid but unprivileged account to escalate privileges by sending a login request (e.g., via Burp Suite)...
CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The user in InLong could cancel an application that doesn't belong to it. Users are advised to upgrade to Apache InLong's 1.7....
CVE-2023-31064
CVE-2023-31064 affects Apache InLong 1.2.0–1.6.0. The issue stems from files/directories being accessible to external parties, allowing a user to cancel an application that does not belong to them. The root cause is improper restrictions on the directory path when loading files. Exploitation is p...
CVE-2023-31065 Apache InLong: Insufficient Session Expiration in InLong
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to...
CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...
CVE-2023-31098
CVE-2023-31098 concerns Apache InLong, affected in versions 1.1.0 through 1.6.0. The underlying issue is weak password requirements: the application does not enforce sufficient password complexity, enabling attackers to guess passwords and gain account access. The risk is described as a high impa...
CVE-2023-31101
CVE-2023-31101 affects Apache InLong 1.5.0–1.6.0 and allows users registered later to see data from deleted users due to insecure default initialization of resources. The vulnerability is categorized as an information disclosure issue; the publicly available fix is to upgrade to InLong 1.7.0 or c...
CVE-2023-31103 Apache InLong: Attackers can change the immutable name and type of cluster
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick...
CVE-2023-31103
CVE-2023-31103 describes an exposure of resource to wrong sphere vulnerability in Apache InLong, affecting versions 1.4.0–1.6.0. The issue allows attackers to change the immutable name and type of an InLong cluster, constituting an integrity risk. Remediation: upgrade to InLong 1.7.0 or cherry‑pi...
CVE-2023-31453
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...
CVE-2023-31206
CVE-2023-31206 describes an Exposure of Resource to Wrong Sphere vulnerability affecting Apache InLong versions 1.4.0–1.6.0. The flaw allows an attacker to change the immutable name and type of InLong nodes due to exposure to the wrong sphere. Remediation across sources is to upgrade to InLong 1....
CVE-2023-31206 Apache InLong: Attackers can change the immutable name and type of nodes
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 1 to...
CVE-2023-31453
Apache InLong has a vulnerability CVE-2023-31453: incorrect permission assignment in versions 1.2.0–1.6.0 that allows deleting other users’ subscriptions. The issue is introduced in the access control for subscriptions and is not present in 1.7.0+. Remediation: upgrade to InLong 1.7.0 or cherry-p...
CVE-2023-31058
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...
Deserialization of untrusted data
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...
CVE-2023-31058 Apache InLong: JDBC URL bypassing by adding blanks
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...