CVE-2023-31454

Published: May 22, 2023

Modified: Oct 9, 2024

PUBLISHED

Description

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947

Vendor	Product	Versions
Apache Software Foundation	Apache InLong	affected `1.2.0 - <= 1.6.0`

Weaknesses (CWE)

CWE-732

References

https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-31454

Description

Affected Products

Weaknesses (CWE)

References