CVE-2023-31453
Last modified
CVE-2023-31453 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949 . EPSS estimates a 1.18% chance of exploitation in the next 30 days.
Description
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Inlong | >= 1.2.0, <= 1.6.0 |
References
- https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06Mailing List, Vendor Advisory
- https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06Mailing List, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-31453?
How severe is CVE-2023-31453?
How do I fix CVE-2023-31453?
Are you affected by CVE-2023-31453?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST