Apache InLong 1.4.0-1.7.0 Wrong Sphere Privilege Escalation
CVE-2023-34189 Published on July 25, 2023
Apache InLong: General user can delete and update process
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences.
Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Weakness Type
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Products Associated with CVE-2023-34189
Want to know whenever a new CVE is published for Apache InLong? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache InLong:- Version 1.4.0, <= 1.7.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.