CVE-2025-59355

Severity: 6.5 MEDIUM
EPSS: 0.0% (top 85.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19

Description

A vulnerability in Apache Linkis. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it writes the complete input string to the log via logger.error(str + "decode failed", e). If the input contains sensitive information such as Hive Metastore keys, plaintext passwords are left in the log files whenever decoding fails, resulting in information leakage.

Affected Scope
Component: Sensitive fields in hive-site.xml (e.g., javax.jdo.option.ConnectionPasswo
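
The logging pattern described above, next to a hardened form, as an added example that is not the Apache Linkis source. The class and method names, the use of java.util.logging and java.util.Base64, the fall-through return value and the sample secret are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.*;
import java.util.logging.*;

public class DecodeLogDemo {
    private static final Logger LOG = Logger.getLogger("DecodeLogDemo");

    // Pattern from the description: the raw input is concatenated into the error message.
    static String decodeLeaky(String str) {
        try {
            return new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            LOG.log(Level.SEVERE, str + "decode failed", e);
            return str; // assumption: caller falls back to the undecoded value
        }
    }

    // Hardened form: log only the input length and the exception type, never the value.
    static String decodeSafe(String str) {
        try {
            return new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            LOG.log(Level.SEVERE, "Base64 decode failed (input length {0}, {1})",
                    new Object[] {str.length(), e.getClass().getSimpleName()});
            return str; // same fallback, so only the logging behaviour differs
        }
    }

    public static void main(String[] args) {
        List<String> lines = new ArrayList<>();
        LOG.setUseParentHandlers(false);
        // Capture rendered messages in memory so both variants can be compared.
        LOG.addHandler(new Handler() {
            @Override public void publish(LogRecord r) {
                lines.add(r.getParameters() == null ? r.getMessage()
                        : MessageFormat.format(r.getMessage(), r.getParameters()));
            }
            @Override public void flush() {}
            @Override public void close() {}
        });
        String secret = "Pl@in-text_pw!"; // constructed value; '@' makes it invalid Base64
        decodeLeaky(secret);
        decodeSafe(secret);
        for (String line : lines) {
            System.out.println(line.contains(secret) ? "LEAK: " + line : "ok:   " + line);
        }
    }
}
```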

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

Maven | org.apache.linkis:linkis-metadata | 1.0.0 | 1.8.0
NVD | apache/linkis | 1.0.0 | 1.8.0
CVEListV5 | apache_software_foundation/apache_linkis | 1.0.0 | 1.7.0

🔴 Vulnerability Details (3)

GHSA | Apache Linkis: Password Exposure | 2026-01-19
OSV | Apache Linkis: Password Exposure | 2026-01-19
CVEList | Apache Linkis: Password Exposure | 2026-01-19

🕵️ Threat Intelligence (1)

Wiz | CVE-2025-59355 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-59355 (MEDIUM CVSS 6.5) | A vulnerability | cvebase.io