{"url":"http://public2.vulnerablecode.io/api/packages/65904?format=json","purl":"pkg:maven/org.apache.inlong/manager-service@1.2.0","type":"maven","namespace":"org.apache.inlong","name":"manager-service","version":"1.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.0","latest_non_vulnerable_version":"1.8.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45555?format=json","vulnerability_id":"VCID-35x3-1q7f-eqcb","summary":"Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie.\n\nUsers are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve 
it.","references":[{"reference_url":"https://github.com/apache/inlong","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/inlong"},{"reference_url":"https://github.com/apache/inlong/pull/7836","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/inlong/pull/7836"},{"reference_url":"https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31062","reference_id":"CVE-2023-31062","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31062"},{"reference_url":"https://github.com/advisories/GHSA-q5p5-xg93-2jqc","reference_id":"GHSA-q5p5-xg93-2jqc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q5p5-xg93-2jqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65167?format=json","purl":"pkg:maven/org.apache.inlong/manager-service@1.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0"}],"aliases":["CVE
-2023-31062","GHSA-q5p5-xg93-2jqc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35x3-1q7f-eqcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45586?format=json","vulnerability_id":"VCID-rcbv-vgws-ykb5","summary":"Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0.\n\nThe attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/7947","references":[{"reference_url":"https://github.com/apache/inlong","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/inlong"},{"reference_url":"https://github.com/apache/inlong/pull/7947","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/inlong/pull/7947"},{"reference_url":"https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31454","reference_id":"CVE-2023-31454","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1",
"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31454"},{"reference_url":"https://github.com/advisories/GHSA-rf76-whgp-fp56","reference_id":"GHSA-rf76-whgp-fp56","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rf76-whgp-fp56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65167?format=json","purl":"pkg:maven/org.apache.inlong/manager-service@1.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0"}],"aliases":["CVE-2023-31454","GHSA-rf76-whgp-fp56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcbv-vgws-ykb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45568?format=json","vulnerability_id":"VCID-yajh-8gux-3bfe","summary":"Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner\nof the deleted subscription. 
Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/7949","references":[{"reference_url":"https://github.com/apache/inlong","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/inlong"},{"reference_url":"https://github.com/apache/inlong/pull/7949","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/inlong/pull/7949"},{"reference_url":"https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31453","reference_id":"CVE-2023-31453","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31453"},{"reference_url":"https://github.com/advisories/GHSA-8rjh-3mhm-966q","reference_id":"GHSA-8rjh-3mhm-966q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8rjh-3mhm-966q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65167?format=json","purl":"pkg:maven/org.apache.inlong/manager-service@1.7.0","is_vulnerable":f
alse,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0"}],"aliases":["CVE-2023-31453","GHSA-8rjh-3mhm-966q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yajh-8gux-3bfe"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.2.0"}