Severity
High
Analysis Summary
CVE-2023-29216 CVSS:9.8
Apache Linkis could allow a remote attacker to execute arbitrary commands on the system, caused by an unsafe deserialization in the DatasourceManager module. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-29215 CVSS:9.8
Apache Linkis could allow a remote attacker to execute arbitrary commands on the system, caused by an unsafe deserialization in the JDBC EngineCon. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-27987 CVSS:9.8
Apache Linkis could allow a remote attacker to bypass security restrictions, caused by the use of simple token generation by the Gateway deployment. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVE-2023-27603 CVSS:9.8
Apache Linkis could allow a remote attacker to traverse directories on the system, caused by improper validation of zip path by the Manager module engineConn material upload. An attacker could use a specially crafted archive file containing “dot dot” sequences (/../) to execute arbitrary code on the system.
CVE-2023-27602 CVSS:9.8
Apache Linkis could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the PublicService module. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2023-29216
- CVE-2023-29215
- CVE-2023-27987
- CVE-2023-27603
- CVE-2023-27602
Affected Vendors
Apache
Affected Products
- Apache Linkis 1.3.1
Remediation
Upgrade to the latest version of Apache Linkis, available from the Apache Website.