CVE-2023-31065

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.  An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.
References
Link Resource
https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*

History

27 May 2023, 03:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CPE cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*
References (MISC) https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf - (MISC) https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf - Mailing List, Vendor Advisory

22 May 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-22 16:15

Updated : 2024-10-09 18:35


NVD link : CVE-2023-31065

Mitre link : CVE-2023-31065

CVE.ORG link : CVE-2023-31065


JSON object : View

Products Affected

apache

  • inlong
CWE
CWE-613

Insufficient Session Expiration