Insecure Default Initialization of Resource

CVE-2023-31101

Medium

6.5/10

Summary

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong versions 1.5.0-RC0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to a fixed version.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1188 - Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References

Advisory
Pull request
Release Note
Issue

Advisory Timeline

Published May 22, 2023

Insecure Default Initialization of Resource

CVE-2023-31101

Summary

CWE-1188 - Insecure Default Initialization of Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS