CVE-2023-50740

MEDIUM

Apache Linkis <=1.4.0 - Sensitive Information Disclosure in Oracle Data Source Logs

Title source: llm

Description

In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/03/06/2

Vendor Advisory vendor-advisory

https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo

Scores

CVSS v3 5.3

EPSS 0.0090

EPSS Percentile 54.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

apache/linkis < 1.5.0

org.apache.linkis/linkis 0 - 1.5.0Maven

Published Mar 06, 2024

Tracked Since Feb 18, 2026