CVE-2023-34189
Last modified
CVE-2023-34189 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.. EPSS estimates a 0.93% chance of exploitation in the next 30 days.
Description
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Inlong | >= 1.4.0, <= 1.7.0 |
References
- http://www.openwall.com/lists/oss-security/2023/07/25/2Mailing List, Third Party Advisory
- https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378sMailing List, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2023/07/25/2Mailing List, Third Party Advisory
- https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378sMailing List, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-34189?
How severe is CVE-2023-34189?
How do I fix CVE-2023-34189?
Are you affected by CVE-2023-34189?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST