Home > Vulnerability Database > CVE-2023-34189

Mend.io Vulnerability Database

CVE-2023-34189

Good to know:

Date: July 25, 2023

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.

Language: Java

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34189

Url: https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s

Url: http://www.openwall.com/lists/oss-security/2023/07/25/2

Url: https://www.mend.io/vulnerability-database/CVE-2023-34189

Severity Score

6.5

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Top Fix

Upgrade Version

Upgrade to version org.apache.inlong:manager-service:1.8.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34189

Good to know:

Date: July 25, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?