Apache InLong 1.4.0-1.7.0 Wrong Sphere Privilege Escalation
CVE-2023-34189 Published on July 25, 2023
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Weakness Type
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Products Associated with CVE-2023-34189
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-34189 are published in Apache InLong:
Affected Versions
Apache Software Foundation Apache InLong:- Version 1.4.0, <= 1.7.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.