CVE-2023-50740
MEDIUM5.3EPSS 0.16%Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Published: 3/6/2024Modified: 2/13/2025
Also known as:GHSA-m757-p8rv-4q93
Description
In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0
Affected packages (1)
- Maven/org.apache.linkis:linkisfrom 0, < 1.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-50740
- PATCHhttps://github.com/apache/linkis
- WEBhttps://github.com/apache/linkis/commit/08cbcfca140afebae10e1582ee87721578719ded
- WEBhttps://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo
- WEBhttp://www.openwall.com/lists/oss-security/2024/03/06/2