CVE-2023-27987 – org.apache.linkis:linkis
Package
Manager: maven
Name: org.apache.linkis:linkis
Vulnerable Version: >=0 <1.3.2
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00096 (percentile 0.2767)
Details
Apache Linkis Authentication Bypass vulnerability

In Apache Linkis <=1.3.1, the default token generated by a Linkis Gateway deployment is too simple, so attackers can easily obtain the default token and use it in an attack. Generation rules should add random values. We recommend that users upgrade Linkis to version 1.3.2 and modify the default token value. You can refer to Token authorization.
Metadata
Created: 2023-07-06T19:24:13Z
Modified: 2024-10-18T16:28:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-4x5h-xmv4-99wx/GHSA-4x5h-xmv4-99wx.json
CWE IDs: ["CWE-294", "CWE-326"]
Alternative ID: GHSA-4x5h-xmv4-99wx
Finding: F115
Auto approve: 1