VYPR
Critical severityNVD Advisory· Published May 22, 2023· Updated Oct 9, 2024

Apache InLong: Insufficient Session Expiration in InLong

CVE-2023-31065

Description

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.inlong:manager-pojoMaven
>= 1.4.0, < 1.7.01.7.0
org.apache.inlong:manager-daoMaven
>= 1.4.0, < 1.7.01.7.0
org.apache.inlong:manager-webMaven
>= 1.4.0, < 1.7.01.7.0
org.apache.inlong:manager-serviceMaven
>= 1.4.0, < 1.7.01.7.0

Affected products

5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.