CVE-2023-27987
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-27987
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27987.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-27987
- Aliases
- Published
- 2023-04-10T08:15:07Z
- Modified
- 2024-10-17T22:49:26.998370Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.
We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token
- References
Affected packages
Git / github.com/apache/incubator-linkis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/incubator-linkis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
0.*
0.10.0
0.11.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
1.*
1.0.0
1.0.0-RC1
1.0.1
1.0.2
1.1.2
1.1.3
1.1.3-rc1
1.2.0
1.2.0-rc1
1.3.0-rc1
1.3.0-rc2
1.3.1
release-1.*
release-1.0.3
release-1.0.3-rc2
release-1.1.0
release-1.1.0-rc1
release-1.1.0-rc2
release-1.1.1-rc1
release-1.1.2-rc1
release-1.1.2-rc2