CVE-2023-31064 - OpenCVE

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Inlong

Configuration 1 [-]

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-05-22T15:44:22.343Z

Updated: 2024-08-02T14:45:25.283Z

Reserved: 2023-04-24T02:58:38.735Z

Link: CVE-2023-31064

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-22T16:15:09.963

Modified: 2023-05-27T02:44:54.597

Link: CVE-2023-31064

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31064", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-04-24T02:58:38.735Z", "datePublished": "2023-05-22T15:44:22.343Z", "dateUpdated": "2024-08-02T14:45:25.283Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache InLong", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.6.0", "status": "affected", "version": "1.2.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "lujie.ac.cn"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.<p>This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an <span style=\"background-color: rgb(255, 255, 255);\">application that doesn't belongs to it. </span>Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7799\">https://github.com/apache/inlong/pull/7799</a> to solve it.<br></p>"}], "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an\u00a0application that doesn't belongs to it.\u00a0Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.\n\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-22T15:44:22.343Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache InLong: Insecurity direct object references cancelling applications", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.283Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00"}]}]}}