How severe is CVE-2023-31065?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-31065?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2023-31065 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.

Related Vulnerabilities

CVE-2021-3144

CRITICAL

CVSS:9.1(Critical)

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

CWE-6132021

CVE-2021-35034

CRITICAL

CVSS:9.1(Critical)

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

CWE-6132021

CVE-2021-35473

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired acces...

CWE-6132021

CVE-2021-42545

CRITICAL

CVSS:9.1(Critical)

An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and ad...

CWE-6132021

CVE-2022-2064

CRITICAL

CVSS:9.1(Critical)

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.

CWE-6132022

CVE-2022-24042

CRITICAL

CVSS:9.1(Critical)

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All ve...

CWE-6132022