cnvd - cnvd-2024-33595

cnvd-2024-33595

Vulnerability from cnvd

Title: Apache Linkis代码问题漏洞（CNVD-2024-33595）

Description:

Apache Linkis是美国阿帕奇（Apache）基金会的一款中间件产品，可以在上层应用和底层数据引擎之间建立起有效的连接。

Apache Linkis 1.6.0之前版本存在代码问题漏洞，该漏洞源于缺乏对参数的有效过滤，攻击者可利用该漏洞在DataSource Manager Module中配置恶意的db2参数将导致jndi注入。

Severity: 高

Patch Name: Apache Linkis代码问题漏洞的补丁

Patch Description:

Apache Linkis是美国阿帕奇（Apache）基金会的一款中间件产品，可以在上层应用和底层数据引擎之间建立起有效的连接。

Apache Linkis 1.6.0之前版本存在代码问题漏洞，该漏洞源于缺乏对参数的有效过滤，攻击者可利用该漏洞在DataSource Manager Module中配置恶意的db2参数将导致jndi注入。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj

Reference: https://cxsecurity.com/cveshow/CVE-2023-49566/

Impacted products

Name
Apache linkis <1.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-49566"
    }
  },
  "description": "Apache Linkis\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u4e2d\u95f4\u4ef6\u4ea7\u54c1\uff0c\u53ef\u4ee5\u5728\u4e0a\u5c42\u5e94\u7528\u548c\u5e95\u5c42\u6570\u636e\u5f15\u64ce\u4e4b\u95f4\u5efa\u7acb\u8d77\u6709\u6548\u7684\u8fde\u63a5\u3002\n\nApache Linkis 1.6.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u4e4f\u5bf9\u53c2\u6570\u7684\u6709\u6548\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728DataSource Manager Module\u4e2d\u914d\u7f6e\u6076\u610f\u7684db2\u53c2\u6570\u5c06\u5bfc\u81f4jndi\u6ce8\u5165\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-33595",
  "openTime": "2024-07-18",
  "patchDescription": "Apache Linkis\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u4e2d\u95f4\u4ef6\u4ea7\u54c1\uff0c\u53ef\u4ee5\u5728\u4e0a\u5c42\u5e94\u7528\u548c\u5e95\u5c42\u6570\u636e\u5f15\u64ce\u4e4b\u95f4\u5efa\u7acb\u8d77\u6709\u6548\u7684\u8fde\u63a5\u3002\r\n\r\nApache Linkis 1.6.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u4e4f\u5bf9\u53c2\u6570\u7684\u6709\u6548\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728DataSource Manager Module\u4e2d\u914d\u7f6e\u6076\u610f\u7684db2\u53c2\u6570\u5c06\u5bfc\u81f4jndi\u6ce8\u5165\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Linkis\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache linkis \u003c1.6.0"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2023-49566/",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-17",
  "title": "Apache Linkis\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2024-33595\uff09"
}

CVE-2023-49566 (GCVE-0-2023-49566)

Vulnerability from cvelistv5

Published

2024-07-15 07:56

Modified

2025-03-27 15:35

Severity ?

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <=1.5.0 will be affected. We recommend users upgrade the version of Linkis to version 1.6.0.

References

▼	URL	Tags
	https://lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Linkis DataSource	Version: *

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-49566",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T13:14:11.032196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:35:11.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-13T17:03:59.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/13/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.linkis:linkis-metadata-query-service-jdbc",
          "product": "Apache Linkis DataSource",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.6.0",
              "status": "affected",
              "version": "*",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Joyh"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "L0ne1y"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nIn Apache Linkis \u0026lt;=1.5.0, due to the lack of effective filtering\nof parameters, an attacker configuring malicious \n\ndb2\n\n parameters in the DataSource Manager Module will result\u0026nbsp;in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted.\u0026nbsp;\n\nThis attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.\n\n Versions of Apache Linkis \n\n\u0026lt;=1.5.0\n\n will be affected.\u003cbr\u003eWe recommend users upgrade the version of Linkis to version 1.6.0.\u003cbr\u003e"
            }
          ],
          "value": "\nIn Apache Linkis \u003c=1.5.0, due to the lack of effective filtering\nof parameters, an attacker configuring malicious \n\ndb2\n\n parameters in the DataSource Manager Module will result\u00a0in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted.\u00a0\n\nThis attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.\n\n Versions of Apache Linkis \n\n\u003c=1.5.0\n\n will be affected.\nWe recommend users upgrade the version of Linkis to version 1.6.0.\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-15T07:56:51.500Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-49566",
    "datePublished": "2024-07-15T07:56:51.500Z",
    "dateReserved": "2023-11-27T12:52:53.546Z",
    "dateUpdated": "2025-03-27T15:35:11.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted