CVE-2023-31066 - OpenCVE

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Inlong

Configuration 1 [-]

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2023-05-22T15:35:41.768Z

Updated: 2023-05-22T15:35:41.768Z

Reserved: 2023-04-24T03:33:07.079Z

Link: CVE-2023-31066

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-22T16:15:10.090

Modified: 2023-05-27T03:24:41.447

Link: CVE-2023-31066

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-31066", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-04-24T03:33:07.079Z", "datePublished": "2023-05-22T15:35:41.768Z", "dateUpdated": "2023-05-22T15:35:41.768Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache InLong", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.6.0", "status": "affected", "version": "1.4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "lujie.ac.cn"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.<p>This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could <span style=\"background-color: rgb(255, 255, 255);\">delete, edit, stop, and start others' sources!</span> Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7775\">https://github.com/apache/inlong/pull/7775</a> to solve it.<br></p>"}], "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could\u00a0delete, edit, stop, and start others' sources!\u00a0Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.\n\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-22T15:35:41.768Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache InLong: Insecure direct object references for inlong sources", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}