CVE-2023-27987: Apache Linkis gateway module token authentication bypass
First published: Mon Apr 10 2023(Updated: )
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Linkis | <=1.3.1 | |
| maven/org.apache.linkis:linkis | <1.3.2 | 1.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/title
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4x5h-xmv4-99wx
- alias/CVE-2023-27987
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/event
- agent/description
- collector/nvd-cve
- agent/tags
- collector/github-advisory
- vendor/apache
- canonical/apache linkis
- version/apache linkis/1.3.1
- package-manager/maven