Vulnerabilities > CVE-2023-27987 - Unspecified vulnerability in Apache Linkis

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

apache

critical

NVD

Published: 2023-04-10

Updated: 2024-11-21

Summary

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Linkis 0.5.0 Apache Linkis 0.6.0 Apache Linkis 0.7.0 Apache Linkis 0.8.0 Apache Linkis 0.9.0 Apache Linkis 0.9.1 Apache Linkis 0.9.2 Apache Linkis 0.9.3 Apache Linkis 0.9.4 Apache Linkis 0.10.0 Apache Linkis 0.11.0 Apache Linkis 1.0.0 Apache Linkis 1.0.1 Apache Linkis 1.0.2 Apache Linkis 1.0.3 Apache Linkis 1.1.0 Apache Linkis 1.1.1 Apache Linkis 1.1.2 Apache Linkis 1.1.3 Apache Linkis 1.2.0 Apache Linkis 1.3.0	33

Summary

Vulnerable Configurations

References