Improper access control in Apache InLong

#VU78827 Improper access control in Apache InLong

Published: 2023-08-01

Vulnerability identifier: #VU78827

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31066

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache InLong
Server applications / Other server solutions

Vendor: Apache Foundation

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and delete, edit, stop, and start others' sources.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache InLong: 1.4.0 - 1.6.0

External links
http://lists.apache.org/thread/x7y05wo37sq5l9fnmmsjh2dr9kcjrcxf
http://github.com/apache/inlong/pull/7775

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apache InLong