Vulnerabilites related to Apache Software Foundation - Apache Linkis
CVE-2023-27602 (GCVE-0-2023-27602)
Vulnerability from cvelistv5
Published
2023-04-10 07:36
Modified
2025-02-13 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.
We recommend users upgrade the version of Linkis to version 1.3.2.
For versions
<=1.3.1, we suggest turning on the file path check switch in linkis.properties
`wds.linkis.workspace.filesystem.owner.check=true`
`wds.linkis.workspace.filesystem.path.check=true`
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/10/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/19/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linkis",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T15:25:12.309658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:26:24.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Linkis",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Laihan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\nIn Apache Linkis \u0026lt;=1.3.1, The PublicService module uploads\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efiles without restrictions on the path to the uploaded\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efiles, and file types.\u003cbr\u003e\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.\u0026nbsp;\n\u003cbr\u003eFor versions \n\n\u0026lt;=1.3.1, we suggest turning on the file path check switch in linkis.properties\u003cbr\u003e\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e`wds.linkis.workspace.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efilesystem.owner.check=true`\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e`wds.linkis.workspace.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efilesystem.path.check=true`\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "In Apache Linkis \u003c=1.3.1, The PublicService module uploads\u00a0files without restrictions on the path to the uploaded\u00a0files, and file types.\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.\u00a0\n\nFor versions \n\n\u003c=1.3.1, we suggest turning on the file path check switch in linkis.properties\n\n`wds.linkis.workspace.filesystem.owner.check=true`\n`wds.linkis.workspace.filesystem.path.check=true`"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T11:06:11.804Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"mailing-list",
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/10/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/19/3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Linkis publicsercice module unrestricted upload of file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-27602",
"datePublished": "2023-04-10T07:36:28.437Z",
"dateReserved": "2023-03-04T10:46:35.079Z",
"dateUpdated": "2025-02-13T16:45:29.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29216 (GCVE-0-2023-29216)
Vulnerability from cvelistv5
Published
2023-04-10 07:37
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
In Apache Linkis <=1.3.1, because the parameters are not
effectively filtered, the attacker uses the MySQL data source and malicious parameters to
configure a new data source to trigger a deserialization vulnerability, eventually leading to
remote code execution.
Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l | vendor-advisory, mailing-list | |
| http://www.openwall.com/lists/oss-security/2023/04/10/5 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/10/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linkis",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T15:20:54.992739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:21:53.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Linkis",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sw0rd1ight"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Apache Linkis \u0026lt;=1.3.1, because the parameters are not\neffectively filtered, the attacker uses the MySQL data source and malicious parameters to\nconfigure a new data source to trigger a deserialization vulnerability, eventually leading to\nremote code execution.\u003cbr\u003e Versions of Apache Linkis \u0026lt;= 1.3.0 will be affected.\u003cbr\u003eWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\u003cbr\u003e"
}
],
"value": "In Apache Linkis \u003c=1.3.1, because the parameters are not\neffectively filtered, the attacker uses the MySQL data source and malicious parameters to\nconfigure a new data source to trigger a deserialization vulnerability, eventually leading to\nremote code execution.\n Versions of Apache Linkis \u003c= 1.3.0 will be affected.\nWe recommend users upgrade the version of Linkis to version 1.3.2."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T07:40:23.203Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list"
],
"url": "https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/10/5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Linkis DatasourceManager module has a deserialization command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-29216",
"datePublished": "2023-04-10T07:37:29.383Z",
"dateReserved": "2023-04-03T15:04:14.339Z",
"dateUpdated": "2025-02-13T16:49:02.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39944 (GCVE-0-2022-39944)
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2025-05-07 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote code execution vulnerability
Summary
In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis |
Version: Apache Linkis < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/rxytj48q17304snonjtyt5lnlw64gccc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-39944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T18:32:58.088264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T18:33:27.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Linkis",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.2.0",
"status": "affected",
"version": "Apache Linkis",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by 4ra1n and zac from ZAC Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Linkis \u003c=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis \u003c= 1.2.0 will be affected, We recommend users to update to 1.3.0."
}
],
"metrics": [
{
"other": {
"content": {
"other": "important"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/rxytj48q17304snonjtyt5lnlw64gccc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The Apache Linkis JDBC EngineConn module has a RCE Vulnerability",
"workarounds": [
{
"lang": "en",
"value": " \u003c= 1.2.0 users should upgrade to 1.3.0. \nOr upgrade the materials of JDBC EngineConn separately, you can refer to: https://github.com/apache/incubator-linkis/tree/master/linkis-engineconn-plugins/jdbc"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-39944",
"datePublished": "2022-10-26T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-05-07T18:33:27.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27603 (GCVE-0-2023-27603)
Vulnerability from cvelistv5
Published
2023-04-10 07:36
Modified
2024-10-22 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.
We recommend users upgrade the version of Linkis to version 1.3.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8 | mailing-list, vendor-advisory | |
| https://www.openwall.com/lists/oss-security/2023/04/10/2 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/04/10/2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linkis",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T15:22:15.057216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:24:50.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Linkis",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "4ra1n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\nIn Apache Linkis \u0026lt;=1.3.1, due to the Manager module engineConn material upload does not check the zip path,\u0026nbsp;This is a Zip Slip issue, which will lead to a\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epotential RCE vulnerability.\u003cbr\u003e\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nIn Apache Linkis \u003c=1.3.1, due to the Manager module engineConn material upload does not check the zip path,\u00a0This is a Zip Slip issue, which will lead to a\u00a0potential RCE vulnerability.\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T07:17:51.536Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"mailing-list",
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/04/10/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-27603",
"datePublished": "2023-04-10T07:36:50.250Z",
"dateReserved": "2023-03-04T10:49:03.741Z",
"dateUpdated": "2024-10-22T15:24:50.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27987 (GCVE-0-2023-27987)
Vulnerability from cvelistv5
Published
2023-04-10 07:37
Modified
2024-10-17 20:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-326 - Inadequate Encryption Strength
Summary
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.
We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1]
https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p | vendor-advisory, mailing-list | |
| https://www.openwall.com/lists/oss-security/2023/04/10/3 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/04/10/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linkis",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T20:20:28.978438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T20:20:41.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Linkis",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Laihan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nIn Apache Linkis \u0026lt;=1.3.1,\u0026nbsp;due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack.\u0026nbsp;Generation rules should add random values.\u003cbr\u003e\n\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1]\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://linkis.apache.org/docs/latest/auth/token\"\u003ehttps://linkis.apache.org/docs/latest/auth/token\u003c/a\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "\nIn Apache Linkis \u003c=1.3.1,\u00a0due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack.\u00a0Generation rules should add random values.\n\n\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1]\n https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token \n\n\n\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T07:51:55.696Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list"
],
"url": "https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/04/10/3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Linkis gateway module token authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-27987",
"datePublished": "2023-04-10T07:37:07.558Z",
"dateReserved": "2023-03-09T07:54:39.525Z",
"dateUpdated": "2024-10-17T20:20:41.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29215 (GCVE-0-2023-29215)
Vulnerability from cvelistv5
Published
2023-04-10 07:35
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
In Apache Linkis <=1.3.1, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a
deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/o682wz1ggq491ybvjwokxvcdtnzo76ls | vendor-advisory, mailing-list | |
| http://www.openwall.com/lists/oss-security/2023/04/10/4 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/o682wz1ggq491ybvjwokxvcdtnzo76ls"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/10/4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linkis",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T15:26:45.501261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:27:46.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Linkis",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sw0rd1ight"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Apache Linkis \u0026lt;=1.3.1, due to the lack of effective filtering\nof parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a\ndeserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis \u0026lt;= 1.3.0 will be affected.\u003cbr\u003eWe recommend users upgrade the version of Linkis to version 1.3.2.\n\n\u003cbr\u003e"
}
],
"value": "In Apache Linkis \u003c=1.3.1, due to the lack of effective filtering\nof parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a\ndeserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis \u003c= 1.3.0 will be affected.\nWe recommend users upgrade the version of Linkis to version 1.3.2."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T07:40:22.237Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list"
],
"url": "https://lists.apache.org/thread/o682wz1ggq491ybvjwokxvcdtnzo76ls"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/10/4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Linkis JDBC EngineCon has a deserialization command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-29215",
"datePublished": "2023-04-10T07:35:23.690Z",
"dateReserved": "2023-04-03T14:49:09.555Z",
"dateUpdated": "2025-02-13T16:49:02.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}