PT-2023-2906 · Apache · Apache Inlong
Charles Zhang · Published 2023-05-21 · Updated 2024-10-09
CVE-2023-31454
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.2.0 through 1.6.0
Description
The issue is related to an incorrect permission assignment for a critical resource in Apache InLong, allowing a remote attacker to elevate their privileges and bind any cluster, even if they are not the cluster owner.
Recommendations
Users of Apache InLong versions 1.2.0 through 1.6.0 are advised to upgrade to Apache InLong 1.7.0 or cherry-pick the fix from https://github.com/apache/inlong/pull/7947 to resolve the issue.
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Apache Inlong