Apache InLong 1.4-1.8: Data Auth Verification Flaw Exposes Admin Data
CVE-2023-43666 Published on October 16, 2023
Apache InLong: General user Unauthorized access User Management
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
General user can view all user data like Admin account.
Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8623
Weakness Type
Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Products Associated with CVE-2023-43666
Want to know whenever a new CVE is published for Apache InLong? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache InLong:- Version 1.4.0, <= 1.8.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.