CVE-2023-31065
Apache InLong Insufficient Session Expiration vulnerability
CVSS 3.1: 9.1 (CRITICAL)
EPSS: 0.32%
Description
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 or https://github.com/apache/inlong/pull/7884 to solve it.
How to fix CVE-2023-31065
To remediate CVE-2023-31065, upgrade the affected package to a fixed version below.
- —upgrade to 1.7.0 or later
- —upgrade to 1.7.0 or later
- —upgrade to 1.7.0 or later
- —upgrade to 1.7.0 or later
Is CVE-2023-31065 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
- >= 1.4.0, < 1.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |