CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription

[Charles Zhang <dockerzhang () apache org>]

Severity: important

Affected versions:

- Apache InLong 1.2.0 through 1.6.0

Description:

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This 
issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are 
not the owner
of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] 

 https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949

References:

https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-31453