Home > Vulnerability Database > CVE-2023-27987

Mend.io Vulnerability Database

CVE-2023-27987

Good to know:

Date: April 10, 2023

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token

Language: SCALA

Severity Score

9.1

Related Resources (5)

Url: https://www.openwall.com/lists/oss-security/2023/04/10/3

Url: http://www.openwall.com/lists/oss-security/2023/04/10/3

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27987

Url: https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p

Url: https://www.mend.io/vulnerability-database/CVE-2023-27987

Severity Score

9.1

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Authentication Bypass by Capture-replay

CWE-294

Top Fix

Upgrade Version

Upgrade to version org.apache.linkis:linkis-cli-application:1.3.2, org.apache.linkis:linkis-computation-client:1.3.2

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27987

Good to know:

Date: April 10, 2023

Language: SCALA

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?