Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource

GHSA-rf76-whgp-fp56 · CVE-2023-31454

Published Jul 6, 2023 · Modified Feb 16, 2024

Description

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-31454
WEB https://github.com/apache/inlong/pull/7947
PACKAGE https://github.com/apache/inlong
WEB https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes