Maven package
org.apache.inlong/manager-service
pkg:maven/org.apache.inlong/manager-service
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-35088 | — | >= 1.4.0, < 1.8.0 | 1.8.0 | Jul 25, 2023 | Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are direc | ||
| CVE-2023-31062 | — | >= 1.2.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a log | ||
| CVE-2023-31065 | — | >= 1.4.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are ad | ||
| CVE-2023-31066 | — | >= 1.4.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to | ||
| CVE-2023-31101 | — | >= 1.5.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLon | ||
| CVE-2023-31103 | — | >= 1.4.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 | ||
| CVE-2023-31206 | — | >= 1.4.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or | ||
| CVE-2023-31453 | — | >= 1.2.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. U | ||
| CVE-2023-31454 | — | >= 1.2.0, < 1.7.0 | 1.7.0 | May 22, 2023 | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Ap | ||
| CVE-2023-30465 | — | >= 1.4.0, < 1.6.0 | 1.6.0 | Apr 11, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned co |
- CVE-2023-35088Jul 25, 2023affected >= 1.4.0, < 1.8.0fixed 1.8.0
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are direc
- CVE-2023-31062May 22, 2023affected >= 1.2.0, < 1.7.0fixed 1.7.0
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a log
- CVE-2023-31065May 22, 2023affected >= 1.4.0, < 1.7.0fixed 1.7.0
Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are ad
- CVE-2023-31066May 22, 2023affected >= 1.4.0, < 1.7.0fixed 1.7.0
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to
- CVE-2023-31101May 22, 2023affected >= 1.5.0, < 1.7.0fixed 1.7.0
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLon
- CVE-2023-31103May 22, 2023affected >= 1.4.0, < 1.7.0fixed 1.7.0
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0
- CVE-2023-31206May 22, 2023affected >= 1.4.0, < 1.7.0fixed 1.7.0
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or
- CVE-2023-31453May 22, 2023affected >= 1.2.0, < 1.7.0fixed 1.7.0
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. U
- CVE-2023-31454May 22, 2023affected >= 1.2.0, < 1.7.0fixed 1.7.0
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Ap
- CVE-2023-30465Apr 11, 2023affected >= 1.4.0, < 1.6.0fixed 1.6.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned co