CVE-2023-31454 Apache InLong: IDOR make users can bind any cluster

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

CVE-2023-31454 Apache InLong: IDOR make users can bind any cluster

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

Apache InLong 安全漏洞

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security bypass vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0. An attacker can exploit the vulnerability to bind any cluster, even if he is not the cluster owner...

IDOR make users can bind any cluster

Proof of Concept 1 admin create cluster1, cluster2, clusterTag1 and clusterTag2 2 admin add user1 as owner of cluster1,clusterTag1 3 user1 bind clusterTag1 to cluster1 4 user1 use burpsuite hiajck the request 5 the request content can be "clusterTag":"biaoqia4","bindClusters":1 6 change the reque...