CVE-2023-43668
Apache InLong: Jdbc Connection Security Bypass in InLong
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....
.
Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/8604
Vulnerabilidad de Omisión de Autorización a Través de la Clave Controlada por el Usuario en Apache InLong. Este problema afecta a Apache InLong: desde 1.4.0 hasta 1.8.0, se omitirán algunas comprobaciones de parámetros confidenciales, como ""autoDeserizalize"", ""allowLoadLocalInfile"".... Se recomienda a los usuarios actualizar a Apache InLong 1.9.0 o al cherry-pick [1] para resolverlo.
[1] https://github.com/apache/inlong/pull/8604
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-09-21 CVE Reserved
- 2023-10-16 CVE Published
- 2024-09-16 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5sh | 2023-11-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Inlong Search vendor "Apache" for product "Inlong" | >= 1.4.0 <= 1.8.0 Search vendor "Apache" for product "Inlong" and version " >= 1.4.0 <= 1.8.0" | - |
Affected
| ||||||