CVE-2023-31064 - OpenCVE

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Inlong

Configuration 1 [-]

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2023-05-22T15:44:22.343Z

Updated: 2023-05-22T15:44:22.343Z

Reserved: 2023-04-24T02:58:38.735Z

Link: CVE-2023-31064

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-22T16:15:09.963

Modified: 2023-05-27T02:44:54.597

Link: CVE-2023-31064

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-31064", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-04-24T02:58:38.735Z", "datePublished": "2023-05-22T15:44:22.343Z", "dateUpdated": "2023-05-22T15:44:22.343Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache InLong", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.6.0", "status": "affected", "version": "1.2.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "lujie.ac.cn"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.<p>This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an <span style=\"background-color: rgb(255, 255, 255);\">application that doesn't belongs to it. </span>Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7799\">https://github.com/apache/inlong/pull/7799</a> to solve it.<br></p>"}], "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an\u00a0application that doesn't belongs to it.\u00a0Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.\n\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-22T15:44:22.343Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache InLong: Insecurity direct object references cancelling applications", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}