CVE-2023-27987

CVE-2023-27987: Apache Linkis gateway module token authentication bypass

Vendor Apache Software Foundation

Product Apache Linkis

Weakness CWE-326 · Weak encryption

Published April 10, 2023

Last update October 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token

Key dates

Disclosure timeline

April 10, 2023 CVE published

October 17, 2024 Record updated