PT-2023-2906 · Apache · Apache InLong
Charles Zhang · Published 2023-05-21 · Updated 2024-10-09 · CVE-2023-31454
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.2.0 through 1.6.0
Description
Apache InLong assigns incorrect permissions to a critical resource. A remote attacker can use this to elevate their privileges and bind any cluster, even if they are not the cluster owner.
Recommendations
Users of Apache InLong versions 1.2.0 through 1.6.0 are advised to upgrade to Apache InLong 1.7.0 or cherry-pick the fix from https://github.com/apache/inlong/pull/7947 to resolve the issue.
Fix
Incorrect Permission
Affected Products
Apache InLong