CVE-2023-50740
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
5.3
MEDIUM
CVSS 3.1
EPSS 0.16%
Description
In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0
How to fix CVE-2023-50740
To remediate CVE-2023-50740, upgrade the affected package to a fixed version below.
- —upgrade to 1.5.0 or later
Is CVE-2023-50740 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |