Lucene search
ApacheVULNRICHMENT:CVE-2023-41916HistoryJul 15, 2024 - 7:53 a.m.
CVE-2023-41916 Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading
2024-07-1507:53:57
CWE-552
apache
github.com
3
apache linkis
cve-2023-41916
datasourcemanager
arbitrary file reading
parameter filtering
mysql jdbc
authorization
version upgrade
AI Score
7
Confidence
Low
EPSS
0.001
Percentile
29.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
In Apache Linkis =1.4.0, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will triggerΒ arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.Β
We recommend users upgrade the version of Linkis to version 1.5.0.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Linkis DataSource",
"versions": [
{
"status": "affected",
"version": "1.4.0",
"lessThan": "1.5.0",
"versionType": "maven"
}
],
"packageName": "org.apache.linkis:linkis-metadata-query-service-jdbc",
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected"
}
]Related
osv
osv
Apache Linkis DataSource allows arbitrary file reading
2024-07-15 09:36:22
CVE-2023-41916
2024-07-15 08:15:02
cvelist
cvelist
veracode
veracode
Arbitrary File Read
2024-07-16 05:32:11
cve
cve
CVE-2023-41916
2024-07-15 08:15:02
nvd
nvd
CVE-2023-41916
2024-07-15 08:15:02
github
github
Apache Linkis DataSource allows arbitrary file reading
2024-07-15 09:36:22
AI Score
7
Confidence
Low
EPSS
0.001
Percentile
29.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-41916