{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-31453","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2023-04-28T09:51:46.162Z","datePublished":"2023-05-22T13:25:47.820Z","dateUpdated":"2024-10-11T13:46:50.433Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache InLong","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"1.6.0","status":"affected","version":"1.2.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.<p>This issue affects Apache InLong: from 1.2.0 through 1.6.0. The&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">attacker can delete others' subscriptions, even if they are not the owner\nof the deleted subscription</span><span style=\"background-color: rgb(255, 255, 255);\">.&nbsp;</span>Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.</p><p>[1] <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7949\">\n\n</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7949\">https://github.com/apache/inlong/pull/7949</a>\n\n</p>\n\n<p></p>"}],"value":"Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner\nof the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n[1] \n\n https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949 \n\n\n\n\n\n\n\n"}],"metrics":[{"other":{"content":{"text":"important"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-732","description":"CWE-732 Incorrect Permission Assignment for Critical Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2023-05-22T13:25:47.820Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06"}],"source":{"discovery":"UNKNOWN"},"title":"Apache InLong: IDOR make users can delete others' subscription","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T14:53:31.072Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06"}]},{"affected":[{"vendor":"apache","product":"inlong","cpes":["cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.2.0","status":"affected","lessThanOrEqual":"1.6.0","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-10-11T13:45:51.359098Z","id":"CVE-2023-31453","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-11T13:46:50.433Z"}}]}}