{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45568?format=json","vulnerability_id":"VCID-yajh-8gux-3bfe","summary":"Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner\nof the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n[1] \n\n https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949","aliases":[{"alias":"CVE-2023-31453"},{"alias":"GHSA-8rjh-3mhm-966q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65167?format=json","purl":"pkg:maven/org.apache.inlong/manager-service@1.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/65155?format=json","purl":"pkg:maven/org.apache.inlong/manager-web@1.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-web@1.7.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65904?format=json","purl":"pkg:maven/org.apache.inlong/manager-service@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35x3-1q7f-eqcb"},{"vulnerability":"VCID-rcbv-vgws-ykb5"},{"vulnerability":"VCID-yajh-8gux-3bfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-service@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/65915?format=json","purl":"pkg:maven/org.apache.inlong/manager-web@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35x3-1q7f-eqcb"},{"vulnerability":"VCID-yajh-8gux-3bfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-web@1.2.0"}],"references":[{"reference_url":"https://github.com/apache/inlong/pull/7949","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/inlong/pull/7949"},{"reference_url":"https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31453","reference_id":"CVE-2023-31453","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31453"},{"reference_url":"https://github.com/advisories/GHSA-8rjh-3mhm-966q","reference_id":"GHSA-8rjh-3mhm-966q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8rjh-3mhm-966q"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":732,"name":"Incorrect Permission Assignment for Critical Resource","description":"The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yajh-8gux-3bfe"}