PT-2023-5725 · Apache · Apache Inlong

Charles Zhang +1 · Published 2023-05-22 · Updated 2024-10-11 · CVE-2023-31098

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.1.0 through 1.6.0

Description: Apache InLong has weak password requirements. When a user changes their password to a simple one, an attacker can easily guess it and access the account. This allows a remote attacker to gain access to a user's account.

Recommendations: To resolve the issue, upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805. As a temporary workaround, consider implementing strong password policies and restricting access to accounts with simple passwords to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2023-06395
CVE-2023-31098
GHSA-W3WR-GMWF-R333

Affected Products

Apache Inlong