Apache Linkis patched several important security vulnerabilities

Apache Linkis is a popular computation middleware that bridges the gap between upper applications and underlying engines, enabling seamless access to engines such as MySQL, Spark, Hive, Presto, and Flink. However, recent discoveries have exposed several important security vulnerabilities in Apache Linkis that need to be addressed in order to ensure the continued safety and integrity of users’ data and systems.

1. Unrestricted File Upload in Apache Linkis PublicService Module (CVE-2023-27602)

In Apache Linkis versions <=1.3.1, the PublicService module uploads files without restrictions on the path to the uploaded files and file types. This vulnerability could be exploited to compromise the integrity of users’ systems.

To address this issue, it is recommended to upgrade to Apache Linkis version 1.3.2. For versions <=1.3.1, users should enable file path checks in the linkis.properties file with the following settings:

wds.linkis.workspace.filesystem.owner.check=true
wds.linkis.workspace.filesystem.path.check=true

2. Zip Slip Vulnerability in Apache Linkis Manager Module (CVE-2023-27603)

The Manager module in Apache Linkis <=1.3.1 suffers from a Zip Slip vulnerability due to a lack of proper zip path checks in the engineConn material upload. This could potentially lead to a remote code execution (RCE) vulnerability.

To mitigate this risk, users are advised to upgrade to Apache Linkis version 1.3.2.

3. Deserialization Command Execution in Apache Linkis JDBC EngineConn (CVE-2023-29215)

Apache Linkis versions <=1.3.1 are vulnerable to a deserialization command execution vulnerability in the JDBC EngineConn module due to insufficient parameter filtering. An attacker exploiting this vulnerability could gain remote code execution capabilities.

To protect against this vulnerability, users should upgrade to Apache Linkis version 1.3.2.

4. Deserialization Command Execution in Apache Linkis DatasourceManager Module (CVE-2023-29216)

In Apache Linkis <=1.3.1, insufficient parameter filtering in the DatasourceManager module allows an attacker to use a malicious MySQL data source and parameters to trigger a deserialization vulnerability, ultimately leading to remote code execution.

To safeguard against this vulnerability, users should upgrade to Apache Linkis version 1.3.2.

5. Token Authentication Bypass in Apache Linkis Gateway Module (CVE-2023-27987)

Apache Linkis versions <=1.3.1 feature a default token generated by the Linkis Gateway deployment that is too simplistic, making it easy for attackers to obtain the default token and exploit it.

To resolve this issue, users should upgrade to Apache Linkis version 1.3.2 and modify the default token value according to the recommended Token authorization guidelines.

The recent discovery of multiple security vulnerabilities in Apache Linkis underscores the importance of staying up-to-date with the latest patches and upgrades.