Vulnerability Details : CVE-2023-34189
Exposure of Resource to Wrong Sphere vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, operations that only the admin can perform.
Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Products affected by CVE-2023-34189
- cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34189
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 40%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34189
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2023-34189
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Assigned by: security@apache.org (Primary)
References for CVE-2023-34189
- https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
  CVE-2023-34189: Apache InLong: General user can delete and update process - Apache Mail Archives (Mailing List; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2023/07/25/2
  oss-security - CVE-2023-34189: Apache InLong: General user can delete and update process (Mailing List; Third Party Advisory)