Vulnerability Description
In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Linkis | < 1.5.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/06/2Mailing List
- https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yoVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/03/06/2Mailing List
- https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yoVendor Advisory
FAQ
What is CVE-2023-50740?
CVE-2023-50740 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0
How severe is CVE-2023-50740?
CVE-2023-50740 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50740?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Linkis.