CVE-2023-27987

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Linkis versions 1.3.1 and earlier

Description The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules should add random values.

Recommendations For Apache Linkis versions 1.3.1 and earlier, upgrade the version of Linkis to version 1.3.2 and modify the default token value. As a temporary workaround, consider modifying the default token value to add random values until a patch is available. Restrict access to the default token to minimize the risk of exploitation.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-294CWE-326

Related Identifiers

CVE-2023-27987

GHSA-4X5H-XMV4-99WX

Affected Products

Apache Linkis

CVE-2023-27987

Weakness Enumeration

Related Identifiers

Affected Products

References · 8