CVE-2023-31066

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-552
View all →

Vulnerability Description

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.

Related Vulnerabilities

CVE-2018-10867

CRITICAL
CVSS:9.1(Critical)

Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.

CWE-5522018

CVE-2020-15175

CRITICAL
CVSS:9.1(Critical)

In GLPI before version 9.5.2, the `​pluginimage.send.php​` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for ...

CWE-5522020

CVE-2020-17519

CRITICAL
CVSS:9.1(Critical)

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the Job...

CWE-5522020

CVE-2021-1361

CRITICAL
CVSS:9.1(Critical)

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco N...

CWE-5522021

CVE-2024-21403

CRITICAL
CVSS:9.0(Critical)

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CWE-5522024

CVE-2021-20182

HIGH
CVSS:8.8(High)

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to th...

CWE-5522021