Base Score

HIGH7.5

CVE-2023-31064

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.

VectorNETWORK

Published Bysecurity@apache.org

Published DateMay 22, 2023, 16:15

Affected Versions(1)

org.apache.inlong:manager-workflow(Maven)

Introduced1.2.0

Fixed1.7.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.inlong:manager-workflow(Maven)	1.2.0	1.7.0	N/A

Weakness Type (CWE):CWE-552

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

https://lists.apache.org/thread/1osd2k3t3qol2wdsswqtr9gxdkf78n00

Base Score

HIGH7.5

Weakness Type (CWE):CWE-552

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE