CVE-2023-34189 Vulnerability Details

  /     /     /  

CVE-2023-34189 Metadata Quick Info

CVE Published: 25/07/2023 | CVE Updated: 02/10/2024 | CVE Year: 2023
Source: apache | Vendor: Apache Software Foundation | Product: Apache InLong
Status : PUBLISHED

---

CVE-2023-34189 Description

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences.  Users are advised to upgrade to Apache InLong\'s 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109  to solve it.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-668
CWE Name: CWE-668 Exposure of Resource to Wrong Sphere
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).