Description
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/07/25/2
https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s
Related Vulnerabilities
CVE-2023-35142 Vulnerability in maven package com.checkmarx.jenkins:checkmarx
CVE-2020-7660 Vulnerability in npm package serialize-javascript
CVE-2023-30465 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2022-33987 Vulnerability in maven package org.webjars.npm:got
CVE-2020-7753 Vulnerability in maven package org.webjars.npm:trim