Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-05-22T13:25:47.820Z

Updated: 2024-10-11T13:46:50.433Z

Reserved: 2023-04-28T09:51:46.162Z

Link: CVE-2023-31453

cve-icon Vulnrichment

Updated: 2024-08-02T14:53:31.072Z

cve-icon NVD

Status : Modified

Published: 2023-05-22T14:15:09.643

Modified: 2024-11-21T08:01:53.757

Link: CVE-2023-31453

cve-icon Redhat

No data.