9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-31065

CVE-2023-31065: Apache InLong Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 or https://github.com/apache/inlong/pull/7884 to solve it.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-31065

CVE-2023-31065:

9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.inlong:manager-pojo	maven	>= 1.4.0, < 1.7.0	1.7.0
org.apache.inlong:manager-dao	maven	>= 1.4.0, < 1.7.0	1.7.0
org.apache.inlong:manager-web	maven	>= 1.4.0, < 1.7.0	1.7.0
org.apache.inlong:manager-service	maven	>= 1.4.0, < 1.7.0	1.7.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from sessions not being invalidated upon user deletion/password change. PR #7884 specifically modifies UserServiceImpl.java to add session invalidation during user deletion. The pre-patch version of the delete function lacked this critical security measure, making it the clear vulnerable entry point. While password change handling might also be involved, the provided patches focus on user deletion as the primary vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-31065: Apache InLong Insufficient Session Expiration vulnerability

CVE-2023-31065:

9.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

9.1

9.1

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-31065: Apache InLong Insufficient Session Expiration vulnerability

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI