Package details: pkg:maven/org.apache.inlong/manager-service@1.2.0
purl pkg:maven/org.apache.inlong/manager-service@1.2.0
Next non-vulnerable version 1.6.0
Latest non-vulnerable version 1.8.0
Risk
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-35x3-1q7f-eqcb
Aliases:
CVE-2023-31062
GHSA-q5p5-xg93-2jqc
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.
1.7.0
Affected by 0 other vulnerabilities.
VCID-rcbv-vgws-ykb5
Aliases:
CVE-2023-31454
GHSA-rf76-whgp-fp56
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7947
1.7.0
Affected by 0 other vulnerabilities.
VCID-yajh-8gux-3bfe
Aliases:
CVE-2023-31453
GHSA-8rjh-3mhm-966q
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949
1.7.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.