GHSA-86pw-4rqp-6x7v · Severity: medium · Ecosystem: maven — Apache InLong: General user can delete and update process
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
Conclusion & alert: CVE-2023-34189 is rated Moderate Risk (46.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.93%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.11% | 0.93% | +0.83% |
| 2 | 2025-11-21 | 1.20% | 0.11% | -1.09% |
| 3 | 2025-11-18 | — | 1.20% | — |
Full EPSS history (10 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 3.1 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
GHSA-86pw-4rqp-6x7v · Severity: medium · Ecosystem: maven — Apache InLong: General user can delete and update process
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2023/07/25/2 | Mailing List Third Party Advisory |
| https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s | Mailing List Vendor Advisory |