CVE-2023-31101

Published: May 22, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.

Affected (2)

Products: Apache: Inlong

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Inlong	Version 1.5.0
Apache Inlong	Version 1.6.0

Related CWEs

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.