Home > Vulnerability Database > CVE-2023-41916

Mend.io Vulnerability Database

CVE-2023-41916

Good to know:

Date: July 15, 2024

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.5.0.

Language: Java

Severity Score

6.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41916

Url: https://github.com/apache/linkis

Url: https://linkis.apache.org/download/release-notes-1.6.0

Url: https://lists.apache.org/thread/dxkpwyoxy1jpdwlpqp15zvo0jxn4v729

Url: https://www.mend.io/vulnerability-database/CVE-2023-41916

Severity Score

6.5

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Top Fix

Upgrade Version

Upgrade to version org.apache.linkis:linkis-metadata-query-service-jdbc:1.6.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41916

Good to know:

Date: July 15, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?