GHSA-rf76-whgp-fp56
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rf76-whgp-fp56
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-rf76-whgp-fp56/GHSA-rf76-whgp-fp56.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rf76-whgp-fp56
- Aliases
- Published
- 2023-07-06T21:14:59Z
- Modified
- 2024-02-16T08:17:14.179577Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
- Details
-
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.
- Database specific
{ "nvd_published_at": "2023-05-22T14:15:09Z", "cwe_ids": [ "CWE-732" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-06T23:42:50Z" }- References
Affected packages
Maven / org.apache.inlong:manager-service
Package
- Name
- org.apache.inlong:manager-service
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.inlong/manager-service