Lucene search

K
cve[email protected]CVE-2023-27603
HistoryApr 10, 2023 - 8:15 a.m.

CVE-2023-27603

2023-04-1008:15:07
CWE-22
web.nvd.nist.gov
26
apache linkis
rce
cve-2023-27603
zip slip
nvd
security
upgrade

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path,Β This is a Zip Slip issue, which will lead to aΒ potential RCE vulnerability.

We recommend users upgrade the version of Linkis to version 1.3.2.

Affected configurations

Vulners
NVD
Node
apachelinkisRange≀1.3.1
CPENameOperatorVersion
apache:linkisapache linkisle1.3.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Linkis",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.3.1",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

Related for CVE-2023-27603