CVE-2023-50740 – org.apache.linkis:linkis

Package

Manager: maven
Name: org.apache.linkis:linkis
Vulnerable Version: >=0 <1.5.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00127 pctl0.32836

Details

Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.  We recommend users upgrade the version of Linkis to version 1.5.0

Metadata

Created: 2024-03-06T15:31:04Z
Modified: 2025-02-13T19:09:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-m757-p8rv-4q93/GHSA-m757-p8rv-4q93.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-m757-p8rv-4q93
Finding: F091
Auto approve: 1