Description
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
Remediation
References
https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06
Related Vulnerabilities
CVE-2021-22114 Vulnerability in maven package org.springframework.integration:spring-integration-zip
CVE-2019-10312 Vulnerability in maven package org.jenkins-ci.plugins:ansible-tower
CVE-2021-35516 Vulnerability in maven package org.apache.commons:commons-compress
CVE-2019-10334 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core