CVE-2023-50740

In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.
We recommend users upgrade the version of Linkis to version 1.5.0
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
apacheCNA
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
apachelinkis
𝑥
< 1.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/03/06/2
https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo
http://www.openwall.com/lists/oss-security/2024/03/06/2
https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo