PT-2023-21469 · Apache · Apache Linkis

Laihan

Publicado

2023-04-10

Atualizado

2024-10-17

CVE-2023-27987

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Linkis versions 1.3.1 and earlier

Description The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules should add random values.

Recommendations For Apache Linkis versions 1.3.1 and earlier, upgrade the version of Linkis to version 1.3.2 and modify the default token value. As a temporary workaround, consider modifying the default token value to add random values until a patch is available. Restrict access to the default token to minimize the risk of exploitation.

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-294CWE-326

Identificadores relacionados

CVE-2023-27987

GHSA-4X5H-XMV4-99WX

Produtos afetados

Apache Linkis

PT-2023-21469 · Apache · Apache Linkis

CVE-2023-27987

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8