[MAVEN:GHSA-RF76-WHGP-FP56] Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.inlong/manager-service
|
>= 1.2.0, < 1.7.0 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.inlong/manager-service
|
= 1.7.0 |
- ID
- MAVEN:GHSA-RF76-WHGP-FP56
- Severity
- high
- URL
- https://github.com/advisories/GHSA-rf76-whgp-fp56
- Published
-
2023-07-06T21:14:59
(14 months ago) - Modified
-
2023-11-10T05:02:26
(10 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.inlong/manager-service | org.apache.inlong |
manager-service
|
>= 1.2.0 < 1.7.0 | |||
| Fixed | pkg:maven/org.apache.inlong/manager-service | org.apache.inlong |
manager-service
|
= 1.7.0 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |