Vulnerability-Lookup

CVE-2023-31065 (GCVE-0-2023-31065)

Vulnerability from cvelistv5 – Published: 2023-05-22 15:40 – Updated: 2024-10-09 17:18

Title

Apache InLong: Insufficient Session Expiration in InLong

Summary

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.

Severity ?

No CVSS data available.

CWE

CWE-613 - Insufficient Session Expiration

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/to7o0n2cks0omtwo6…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache InLong	Affected: 1.4.0 , ≤ 1.6.0 (semver)

Credits

lujie.ac.cn

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:45:25.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "inlong",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "1.6.0",
                "status": "affected",
                "version": "1.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T17:17:58.413780Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T17:18:40.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache InLong",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.6.0",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "lujie.ac.cn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.\u003cp\u003eThis issue affects Apache InLong: from 1.4.0 through 1.6.0.\u0026nbsp;\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\u003c/span\u003e\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7836\"\u003ehttps://github.com/apache/inlong/pull/7836\u003c/a\u003e, \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/inlong/pull/7884\"\u003ehttps://github.com/apache/inlong/pull/7884\u003c/a\u003e to solve it.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T15:40:56.183Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache InLong: Insufficient Session Expiration in InLong",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-31065",
    "datePublished": "2023-05-22T15:40:56.183Z",
    "dateReserved": "2023-04-24T03:18:40.102Z",
    "dateUpdated": "2024-10-09T17:18:40.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-31065",
      "date": "2026-05-06",
      "epss": "0.00269",
      "percentile": "0.50296"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.4.0\", \"versionEndIncluding\": \"1.6.0\", \"matchCriteriaId\": \"4A7AAC7B-2146-46D9-8FD9-DA2B5903BB6E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\\u00a0\\n\\n\\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\\n\\n\\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\\n\\n\\n\\n\\n\"}]",
      "id": "CVE-2023-31065",
      "lastModified": "2024-11-21T08:01:20.653",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
      "published": "2023-05-22T16:15:10.027",
      "references": "[{\"url\": \"https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-31065\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-05-22T16:15:10.027\",\"lastModified\":\"2024-11-21T08:01:20.653\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\\n\\n\\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\\n\\n\\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"4A7AAC7B-2146-46D9-8FD9-DA2B5903BB6E\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:45:25.116Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-31065\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T17:17:58.413780Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"inlong\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.4.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.6.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T17:18:36.132Z\"}}], \"cna\": {\"title\": \"Apache InLong: Insufficient Session Expiration in InLong\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"lujie.ac.cn\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache InLong\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.6.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\\u00a0\\n\\n\\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\\n\\n\\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.\u003cp\u003eThis issue affects Apache InLong: from 1.4.0 through 1.6.0.\u0026nbsp;\\n\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\u003c/span\u003e\\n\\n\\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/apache/inlong/pull/7836\\\"\u003ehttps://github.com/apache/inlong/pull/7836\u003c/a\u003e, \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/apache/inlong/pull/7884\\\"\u003ehttps://github.com/apache/inlong/pull/7884\u003c/a\u003e to solve it.\\n\\n\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613 Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-05-22T15:40:56.183Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-31065\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T17:18:40.599Z\", \"dateReserved\": \"2023-04-24T03:18:40.102Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-05-22T15:40:56.183Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-31065

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-31065

Aliases

CVE-2023-31065

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-31065",
    "id": "GSD-2023-31065"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-31065"
      ],
      "details": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\n\n\n\n\n",
      "id": "GSD-2023-31065",
      "modified": "2023-12-13T01:20:29.652801Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-31065",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache InLong",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.4.0",
                          "version_value": "1.6.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "lujie.ac.cn"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\n\n\n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-613",
                "lang": "eng",
                "value": "CWE-613 Insufficient Session Expiration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.4.0,1.7.0)",
          "affected_versions": "All versions starting from 1.4.0 before 1.7.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2023-07-06",
          "description": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.\n\n\n\n\n",
          "fixed_versions": [
            "1.7.0"
          ],
          "identifier": "CVE-2023-31065",
          "identifiers": [
            "GHSA-757p-7hp5-pqmr",
            "CVE-2023-31065"
          ],
          "not_impacted": "All versions before 1.4.0, all versions starting from 1.7.0",
          "package_slug": "maven/org.apache.inlong/manager-dao",
          "pubdate": "2023-07-06",
          "solution": "Upgrade to version 1.7.0 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-31065",
            "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
            "https://github.com/apache/inlong/pull/7836",
            "https://github.com/apache/inlong/pull/7884",
            "https://github.com/advisories/GHSA-757p-7hp5-pqmr"
          ],
          "uuid": "69cbaa2c-baa8-447f-8622-2eb352c81fe5"
        },
        {
          "affected_range": "[1.4.0,1.7.0)",
          "affected_versions": "All versions starting from 1.4.0 before 1.7.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2023-07-06",
          "description": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.\n\n\n\n\n",
          "fixed_versions": [
            "1.7.0"
          ],
          "identifier": "CVE-2023-31065",
          "identifiers": [
            "GHSA-757p-7hp5-pqmr",
            "CVE-2023-31065"
          ],
          "not_impacted": "All versions before 1.4.0, all versions starting from 1.7.0",
          "package_slug": "maven/org.apache.inlong/manager-pojo",
          "pubdate": "2023-07-06",
          "solution": "Upgrade to version 1.7.0 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-31065",
            "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
            "https://github.com/apache/inlong/pull/7836",
            "https://github.com/apache/inlong/pull/7884",
            "https://github.com/advisories/GHSA-757p-7hp5-pqmr"
          ],
          "uuid": "8810ec49-79af-4d16-8921-f4e21ad48fbd"
        },
        {
          "affected_range": "[1.4.0,1.7.0)",
          "affected_versions": "All versions starting from 1.4.0 before 1.7.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2023-07-06",
          "description": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.\n\n\n\n\n",
          "fixed_versions": [
            "1.7.0"
          ],
          "identifier": "CVE-2023-31065",
          "identifiers": [
            "GHSA-757p-7hp5-pqmr",
            "CVE-2023-31065"
          ],
          "not_impacted": "All versions before 1.4.0, all versions starting from 1.7.0",
          "package_slug": "maven/org.apache.inlong/manager-service",
          "pubdate": "2023-07-06",
          "solution": "Upgrade to version 1.7.0 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-31065",
            "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
            "https://github.com/apache/inlong/pull/7836",
            "https://github.com/apache/inlong/pull/7884",
            "https://github.com/advisories/GHSA-757p-7hp5-pqmr"
          ],
          "uuid": "15f0d057-44dd-4989-9363-4f237177fd27"
        },
        {
          "affected_range": "[1.4.0,1.7.0)",
          "affected_versions": "All versions starting from 1.4.0 before 1.7.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2023-07-06",
          "description": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.\n\n\n\n\n",
          "fixed_versions": [
            "1.7.0"
          ],
          "identifier": "CVE-2023-31065",
          "identifiers": [
            "GHSA-757p-7hp5-pqmr",
            "CVE-2023-31065"
          ],
          "not_impacted": "All versions before 1.4.0, all versions starting from 1.7.0",
          "package_slug": "maven/org.apache.inlong/manager-web",
          "pubdate": "2023-07-06",
          "solution": "Upgrade to version 1.7.0 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-31065",
            "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
            "https://github.com/apache/inlong/pull/7836",
            "https://github.com/apache/inlong/pull/7884",
            "https://github.com/advisories/GHSA-757p-7hp5-pqmr"
          ],
          "uuid": "8652e6b6-ec1c-4f0b-876a-cb4ed1adf73e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6.0",
                "versionStartIncluding": "1.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-31065"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\n\n\n\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-05-27T03:21Z",
      "publishedDate": "2023-05-22T16:15Z"
    }
  }
}

FKIE_CVE-2023-31065

Vulnerability from fkie_nvd - Published: 2023-05-22 16:15 - Updated: 2024-11-21 08:01

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	inlong	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A7AAC7B-2146-46D9-8FD9-DA2B5903BB6E",
              "versionEndIncluding": "1.6.0",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick  https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 ,  https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884  to solve it.\n\n\n\n\n"
    }
  ],
  "id": "CVE-2023-31065",
  "lastModified": "2024-11-21T08:01:20.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-05-22T16:15:10.027",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

CNVD-2023-42966

Vulnerability from cnvd - Published: 2023-06-01

Title

Apache InLong安全绕过漏洞

Description

Apache InLong是美国阿帕奇（Apache）基金会的一站式的海量数据集成框架。 Apache InLong 1.4.0版本至1.6.0版本存在安全绕过漏洞，该漏洞源于会话过期不足，攻击者可利用此漏洞重新使用旧会话来访问系统。

Severity

高

Patch Name

Apache InLong安全绕过漏洞的补丁

Patch Description

Apache InLong是美国阿帕奇（Apache）基金会的一站式的海量数据集成框架。 Apache InLong 1.4.0版本至1.6.0版本存在安全绕过漏洞，该漏洞源于会话过期不足，攻击者可利用此漏洞重新使用旧会话来访问系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-31065

Impacted products

Name
Apache InLong >=1.4.0，<=1.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-31065",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-31065"
    }
  },
  "description": "Apache InLong\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u7ad9\u5f0f\u7684\u6d77\u91cf\u6570\u636e\u96c6\u6210\u6846\u67b6\u3002\n\nApache InLong 1.4.0\u7248\u672c\u81f31.6.0\u7248\u672c\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f1a\u8bdd\u8fc7\u671f\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u91cd\u65b0\u4f7f\u7528\u65e7\u4f1a\u8bdd\u6765\u8bbf\u95ee\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-42966",
  "openTime": "2023-06-01",
  "patchDescription": "Apache InLong\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u7ad9\u5f0f\u7684\u6d77\u91cf\u6570\u636e\u96c6\u6210\u6846\u67b6\u3002\r\n\r\nApache InLong 1.4.0\u7248\u672c\u81f31.6.0\u7248\u672c\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f1a\u8bdd\u8fc7\u671f\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u91cd\u65b0\u4f7f\u7528\u65e7\u4f1a\u8bdd\u6765\u8bbf\u95ee\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache InLong\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache InLong \u003e=1.4.0\uff0c\u003c=1.6.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-31065",
  "serverity": "\u9ad8",
  "submitTime": "2023-05-28",
  "title": "Apache InLong\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-757P-7HP5-PQMR

Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2023-07-06 23:13

Summary

Apache InLong Insufficient Session Expiration vulnerability

Details

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 or https://github.com/apache/inlong/pull/7884 to solve it.

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-pojo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-dao"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-31065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:13:58Z",
    "nvd_published_at": "2023-05-22T16:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.\u00a0\n\nAn old session can be used by an attacker even after the user has been deleted or the password has been changed.\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 or  https://github.com/apache/inlong/pull/7884 to solve it.",
  "id": "GHSA-757p-7hp5-pqmr",
  "modified": "2023-07-06T23:13:58Z",
  "published": "2023-07-06T21:14:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/inlong/pull/7836"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/inlong/pull/7884"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/inlong"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/to7o0n2cks0omtwo6mhh5cs2vfdbplqf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache InLong Insufficient Session Expiration vulnerability"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-31065 (GCVE-0-2023-31065)

GSD-2023-31065

FKIE_CVE-2023-31065

CNVD-2023-42966

GHSA-757P-7HP5-PQMR

Tags

Sightings

Nomenclature