Apache InLong: Insufficient Session Expiration in InLong
CVE-2023-31065
9.1 CRITICAL
Summary
Apache InLong is affected by an Insufficient Session Expiration vulnerability: old sessions remain usable even after a user account is deleted or the password is changed, so an attacker holding such a session can continue to use it. This can lead to unauthorized access and compromise user security. To mitigate the issue, users are encouraged to upgrade to version 1.7.0 or to apply the changes in the pull requests provided by the Apache Software Foundation.
Affected Version(s)
Apache InLong 1.4.0 <= 1.6.0
References
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
lujie.ac.cn