Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner
of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.
[1]
https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-05-22T13:25:47.820Z
Updated: 2024-10-11T13:46:50.433Z
Reserved: 2023-04-28T09:51:46.162Z
Link: CVE-2023-31453
Vulnrichment
Updated: 2024-08-02T14:53:31.072Z
NVD
Status : Modified
Published: 2023-05-22T14:15:09.643
Modified: 2024-11-21T08:01:53.757
Link: CVE-2023-31453
Redhat
No data.