CVE-2023-31066 - OpenCVE

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Inlong

Configuration 1 [-]

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-05-22T15:35:41.768Z

Updated: 2024-08-02T14:45:25.772Z

Reserved: 2023-04-24T03:33:07.079Z

Link: CVE-2023-31066

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-22T16:15:10.090

Modified: 2023-05-27T03:24:41.447

Link: CVE-2023-31066

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31066", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-04-24T03:33:07.079Z", "datePublished": "2023-05-22T15:35:41.768Z", "dateUpdated": "2024-08-02T14:45:25.772Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache InLong", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.6.0", "status": "affected", "version": "1.4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "lujie.ac.cn"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.<p>This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could <span style=\"background-color: rgb(255, 255, 255);\">delete, edit, stop, and start others' sources!</span> Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7775\">https://github.com/apache/inlong/pull/7775</a> to solve it.<br></p>"}], "value": "Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could\u00a0delete, edit, stop, and start others' sources!\u00a0Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.\n\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-22T15:35:41.768Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache InLong: Insecure direct object references for inlong sources", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.772Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf"}]}]}}