CVE-2023-27987

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27987
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-27987.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-27987
Aliases
Published
2023-04-10T08:15:07Z
Modified
2024-10-17T22:45:45.648884Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.

We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token

References

Affected packages

Git / github.com/apache/incubator-linkis

Affected ranges

Type
GIT
Repo
https://github.com/apache/incubator-linkis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.10.0
0.11.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4

1.*

1.0.0
1.0.0-RC1
1.0.1
1.0.2
1.1.2
1.1.3
1.1.3-rc1
1.2.0
1.2.0-rc1
1.3.0-rc1
1.3.0-rc2
1.3.1

release-1.*

release-1.0.3
release-1.0.3-rc2
release-1.1.0
release-1.1.0-rc1
release-1.1.0-rc2
release-1.1.1-rc1
release-1.1.2-rc1
release-1.1.2-rc2