CVE-2023-31453
Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
7.5
HIGH
CVSS 3.1
EPSS 0.45%
Description
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7949 to solve it.
How to fix CVE-2023-31453
To remediate CVE-2023-31453, upgrade the affected package to a fixed version below.
- upgrade to 1.7.0 or later
- upgrade to 1.7.0 or later
Is CVE-2023-31453 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 1.2.0, < 1.7.0
- >= 1.2.0, < 1.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |