CVE-2023-50740

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 62.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Linkis Datasource Apache Linkis

Timeline

PublishedMar 6

Description

In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_linkis_datasource* — 1.5.0

▶NVDapache/linkis< 1.5.0

▶Mavenorg.apache.linkis:linkis< 1.5.0

🔴Vulnerability Details

CVEList

Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged↗2024-03-06

▶

OSV

Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged↗2024-03-06

▶

GHSA

Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged↗2024-03-06

▶