GHSA-8rjh-3mhm-966q

Suggest an improvement
Source
https://github.com/advisories/GHSA-8rjh-3mhm-966q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-8rjh-3mhm-966q/GHSA-8rjh-3mhm-966q.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8rjh-3mhm-966q
Aliases
Published
2023-07-06T21:14:59Z
Modified
2023-11-10T05:17:52.252770Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
Details

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7949 to solve it.

Database specific
{
    "nvd_published_at": "2023-05-22T14:15:09Z",
    "cwe_ids": [
        "CWE-732"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:38:09Z"
}
References

Affected packages

Maven / org.apache.inlong:manager-service

Package

Name
org.apache.inlong:manager-service
View open source insights on deps.dev
Purl
pkg:maven/org.apache.inlong/manager-service

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.7.0

Affected versions

1.*

1.2.0-incubating
1.3.0
1.4.0
1.5.0
1.6.0

Maven / org.apache.inlong:manager-web

Package

Name
org.apache.inlong:manager-web
View open source insights on deps.dev
Purl
pkg:maven/org.apache.inlong/manager-web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.7.0

Affected versions

1.*

1.2.0-incubating
1.3.0
1.4.0
1.5.0
1.6.0