GHSA-8rjh-3mhm-966q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8rjh-3mhm-966q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-8rjh-3mhm-966q/GHSA-8rjh-3mhm-966q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8rjh-3mhm-966q
- Aliases
- Published
- 2023-07-06T21:14:59Z
- Modified
- 2024-02-16T08:20:46.564596Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
- Details
-
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7949 to solve it.
- Database specific
{ "nvd_published_at": "2023-05-22T14:15:09Z", "cwe_ids": [ "CWE-732" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-06T23:38:09Z" }- References
Affected packages
Maven / org.apache.inlong:manager-service
Package
- Name
- org.apache.inlong:manager-service
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.inlong/manager-service
Maven / org.apache.inlong:manager-web
Package
- Name
- org.apache.inlong:manager-web
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.inlong/manager-web