Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability

GHSA-8rjh-3mhm-966q · CVE-2023-31453

Published Jul 6, 2023 · Modified Feb 16, 2024

Description

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner
of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7949 to solve it.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-31453
WEB https://github.com/apache/inlong/pull/7949
PACKAGE https://github.com/apache/inlong
WEB https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes