Vulnerabilities > CVE-2023-34189 - Exposure of Resource to Wrong Sphere vulnerability in Apache Inlong

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

apache

CWE-668

NVD

Published: 2023-07-25

Updated: 2023-08-02

Summary

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Inlong 1.4.0 Apache Inlong 1.5.0 Apache Inlong 1.6.0 Apache Inlong 1.7.0	4

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
http://www.openwall.com/lists/oss-security/2023/07/25/2