Lucene search

Veracode Vulnerability DatabaseVERACODE:48080

HistoryJul 16, 2024 - 6:29 a.m.

JNDI Injection

2024-07-1606:29:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

jndi injection

apache linkis

vulnerability

datasource manager module

db2 parameters

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

org.apache.linkis: linkis-common is vulnerable to JNDI Injection. The vulnerability is due to insufficient filtering of db2 parameters, allowing an attacker with access to an authorized Linkis account to configure malicious parameters in the DataSource Manager Module which results in JNDI Injection.

References

github.com/advisories/GHSA-7qpc-4xx9-x5qw

linkis.apache.org/download/release-notes-1.6.0

lists.apache.org/thread/t68yy52lmv7pxgrxnq6rw7rwvk9tb1xj

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Related for VERACODE:48080