<p>Upgrade <code>org.apache.inlong:manager-service</code> to version 1.7.0 or higher.</p>

Insufficient Session Expiration Affecting org.apache.inlong:manager-service package, versions [1.4.0,1.7.0)

Snyk CVSS

Attack Complexity High

Confidentiality High

Integrity High

Threat Intelligence

EPSS 0.23% (61^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGAPACHEINLONG-5595543
published 23 May 2023
disclosed 23 May 2023
credit lujie.ac.cn

Report a new vulnerability Found a mistake?

Introduced: 23 May 2023

CVE-2023-31065 Open this link in a new tab CWE-613 Open this link in a new tab

How to fix?

Upgrade org.apache.inlong:manager-service to version 1.7.0 or higher.

Overview

Affected versions of this package are vulnerable to Insufficient Session Expiration. An attacker in possession of user and session details of a legitimate user's session can access the session even after the user has been deleted or the password has been changed.