Lucene search
ApacheCVELIST:CVE-2023-41916HistoryJul 15, 2024 - 7:53 a.m.
CVE-2023-41916 Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading
2024-07-1507:53:57
CWE-552
apache
www.cve.org
9
apache linkis
datasource manager
jdbc parameter
arbitrary file reading
mysql
version 1.4.0
version 1.5.0
EPSS
0.001
Percentile
29.1%
In Apache Linkis =1.4.0, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will triggerΒ arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.Β
We recommend users upgrade the version of Linkis to version 1.5.0.
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.linkis:linkis-metadata-query-service-jdbc",
"product": "Apache Linkis DataSource",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.4.0",
"versionType": "maven"
}
]
}
]Related
vulnrichment
vulnrichment
osv
osv
CVE-2023-41916
2024-07-15 08:15:02
Apache Linkis DataSource allows arbitrary file reading
2024-07-15 09:36:22
veracode
veracode
Arbitrary File Read
2024-07-16 05:32:11
nvd
nvd
CVE-2023-41916
2024-07-15 08:15:02
cve
cve
CVE-2023-41916
2024-07-15 08:15:02
github
github
Apache Linkis DataSource allows arbitrary file reading
2024-07-15 09:36:22