Permissions, Privileges, and Access Controls in Apache InLong

#VU78825 Permissions, Privileges, and Access Controls in Apache InLong

Published: 2023-08-01

Vulnerability identifier: #VU78825

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31101

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache InLong
Server applications / Other server solutions

Vendor: Apache Foundation

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to an error in the way new user registrations are handled. A remote newly registered user can see data of previously deleted users.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache InLong: 1.5.0 - 1.6.0

External links
http://lists.apache.org/thread/shvwwr6toqz5rr39rwh4k03z08sh9jmr
http://github.com/apache/inlong/pull/7836

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apache InLong