What is CVE-2023-31062?

CVE-2023-31062 is an improper privilege management vulnerability in Apache Software Foundation Apache InLong.

How does CVE-2023-31062 affect Apache InLong?

CVE-2023-31062 affects Apache InLong versions 1.2.0 through 1.6.0.

What is the severity of CVE-2023-31062?

CVE-2023-31062 has a severity rating of critical.

How can an attacker exploit CVE-2023-31062?

An attacker with access to a valid (but unprivileged) account can exploit CVE-2023-31062 using Burp Suite by sending a login request and following certain steps.

Is there a fix available for CVE-2023-31062?

Yes, a fix for CVE-2023-31062 is available. Please refer to the official Apache Software Foundation advisory for more information.

Vulnerability/
CVE-2023-31062

critical

9.8

CWE

269

22/5/2023

9/10/2024

CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong

First published: Mon May 22 2023(Updated: )

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache InLong	>=1.2.0<=1.6.0

Never miss a vulnerability like this again

Reference Links

https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0

Frequently Asked Questions

What is CVE-2023-31062?
CVE-2023-31062 is an improper privilege management vulnerability in Apache Software Foundation Apache InLong.
How does CVE-2023-31062 affect Apache InLong?
CVE-2023-31062 affects Apache InLong versions 1.2.0 through 1.6.0.
What is the severity of CVE-2023-31062?
CVE-2023-31062 has a severity rating of critical.
How can an attacker exploit CVE-2023-31062?
An attacker with access to a valid (but unprivileged) account can exploit CVE-2023-31062 using Burp Suite by sending a login request and following certain steps.
Is there a fix available for CVE-2023-31062?
Yes, a fix for CVE-2023-31062 is available. Please refer to the official Apache Software Foundation advisory for more information.

collector/nvd-index
agent/type
agent/softwarecombine
agent/author
agent/title
agent/weakness
agent/severity
agent/references
agent/first-publish-date
agent/description
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/apache
canonical/apache inlong
version/apache inlong/1.2.0
version/apache inlong/1.6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.