PT-2023-24727 · Apache · Apache Inlong

Charles Zhang

·

Publicado

2023-07-25

·

Atualizado

2023-08-02

·

CVE-2023-34189

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Apache InLong versions 1.4.0 through 1.7.0
Description The issue allows an attacker to use general users to delete and update processes that should only be operable by admins.
Recommendations For versions 1.4.0 through 1.7.0, upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve the issue.

Correção

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-668

Identificadores relacionados

CVE-2023-34189
GHSA-86PW-4RQP-6X7V

Produtos afetados

Apache Inlong