File Reading Vulnerability in Apache Linkis DataSource Manager Module
CVE-2024-45627

Currently unrated

Key Information:

Vendor: Apache Software Foundation
Status
Apache Linkis
Vendor
CVE Published: 14 January 2025

Summary

A vulnerability exists in the DataSource Manager Module of Apache Linkis versions prior to 1.7.0. Because input parameters are insufficiently filtered, an attacker with valid authorized access may be able to configure malicious MySQL JDBC parameters. This configuration can enable the attacker to read arbitrary files from the Linkis server, potentially leading to unauthorized information disclosure. To mitigate this risk, users are recommended to update to Linkis version 1.7.0 or above, where parameter blacklisting has been implemented.
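For services that accept user-supplied MySQL JDBC parameters, the kind of filtering described above can be sketched as follows. This is an added example, not the Linkis 1.7.0 code: it uses an allowlist plus pinned safe values rather than a blacklist, and the class name `JdbcParamGuard` and the allowlist contents are assumptions. The pinned names are MySQL Connector/J connection properties.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;
public class JdbcParamGuard {
    // Assumed allowlist for this example; extend only with properties you have reviewed.
    private static final Set<String> ALLOWED = Set.of(
        "usessl", "useunicode", "characterencoding",
        "connecttimeout", "sockettimeout", "servertimezone");
    // Connector/J properties pinned to safe values whatever the caller supplied.
    private static final Map<String, String> PINNED = Map.of(
        "allowLoadLocalInfile", "false",
        "allowUrlInLocalInfile", "false",
        "autoDeserialize", "false");
    // Characters that could start another key=value pair if a value reached a URL.
    private static final Pattern DELIMS = Pattern.compile("[&?=#;\\s]");
    /** Returns driver properties built from user input, or throws on anything unexpected. */
    public static Properties sanitize(Map<String, String> userParams) {
        Properties out = new Properties();
        for (Map.Entry<String, String> e : userParams.entrySet()) {
            if (e.getKey() == null || e.getValue() == null)
                throw new IllegalArgumentException("null JDBC parameter");
            String key = decode(e.getKey()).trim();
            String value = decode(e.getValue()).trim();
            if (!ALLOWED.contains(key.toLowerCase(Locale.ROOT)))
                throw new IllegalArgumentException("JDBC parameter not allowed: " + key);
            if (DELIMS.matcher(value).find())
                throw new IllegalArgumentException("illegal character in value of " + key);
            out.setProperty(key, value);
        }
        PINNED.forEach(out::setProperty); // applied last so they always win
        return out;
    }
    // Percent-decode until stable so the checks see the fully decoded text.
    private static String decode(String s) {
        String prev;
        do { prev = s; s = URLDecoder.decode(s, StandardCharsets.UTF_8); } while (!s.equals(prev));
        return s;
    }
    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(sanitize(Map.of("characterEncoding", "UTF-8", "connectTimeout", "5000")));
        try {
            sanitize(Map.of("AllowLoadLocalInfile", "true"));
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Pass the returned `Properties` to the driver alongside a URL built only from a validated host, port and database name, so no user-controlled query string reaches the connection URL.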

Timeline

  • Vulnerability published
