PT-2023-5725 · Apache · Apache InLong

Charles Zhang · Published 2023-05-22 · Updated 2024-10-11 · CVE-2023-31098

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache InLong versions 1.1.0 through 1.6.0

Description

Apache InLong has weak password requirements. When a user changes their password to a simple one, an attacker can easily guess it and access the account. This allows a remote attacker to gain access to a user's account.

Recommendations

Upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805. As a temporary workaround, consider implementing strong password policies and restricting access to accounts with simple passwords to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2023-06395
CVE-2023-31098
GHSA-W3WR-GMWF-R333

Affected Products

Apache InLong