CVE-2023-34189

EUVD-2023-1999
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. 

Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick  https://github.com/apache/inlong/pull/8109  to solve it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
apacheinlong
1.4.0 ≤
𝑥
≤ 1.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/07/25/2
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
http://www.openwall.com/lists/oss-security/2023/07/25/2
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s