Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-q5p5-xg93-2jqc: Apache InLong Improper Privilege Management vulnerability

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie.

Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.

ghsa
#vulnerability#web#apache#git#java#maven
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-31062

Apache InLong Improper Privilege Management vulnerability

Critical severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Package

maven org.apache.inlong:manager-dao (Maven)

Affected versions

>= 1.2.0, < 1.7.0

maven org.apache.inlong:manager-pojo (Maven)

maven org.apache.inlong:manager-service (Maven)

maven org.apache.inlong:manager-web (Maven)

Published to the GitHub Advisory Database

Jul 6, 2023

Related news

CVE-2023-31062

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.