CVE-2022-44644 - OpenCVE

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Linkis

Configuration 1 [-]

cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-01-31T09:40:52.676Z

Updated: 2024-08-03T13:54:03.937Z

Reserved: 2022-11-03T08:44:03.767Z

Link: CVE-2022-44644

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-31T10:15:09.233

Modified: 2023-11-07T03:54:22.980

Link: CVE-2022-44644

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-44644", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-11-03T08:44:03.767Z", "datePublished": "2023-01-31T09:40:52.676Z", "dateUpdated": "2024-08-03T13:54:03.937Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Linkis (incubating)", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.3.1", "status": "affected", "version": "0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Department of Cyber Security Research (Jumbo, Unc1e), Beijing Zhiqian Technology Co., LTD"}, {"lang": "en", "type": "reporter", "value": "s3gundo of Hundsun Tech "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. <br><br><span style=\"background-color: rgb(255, 255, 255);\">We recommend users upgrade the version of Linkis to version 1.3.1</span><br>"}], "value": "In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.\u00a0\n\nWe recommend users upgrade the version of Linkis to version 1.3.1\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-03-15T08:36:52.828Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*", "matchCriteriaId": "470910AB-1B29-4C8C-9C03-FD4A3C233523", "versionEndIncluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected.\u00a0\n\nWe recommend users upgrade the version of Linkis to version 1.3.1\n"}, {"lang": "es", "value": "En Apache Linkis <=1.3.0, cuando se usa con MySQL Connector/J en el m\u00f3dulo de fuente de datos, un atacante autenticado podr\u00eda leer archivos locales arbitrarios conectando un servidor MySQL no autorizado, agregando enableLoadLocalInfile a verdadero en el par\u00e1metro JDBC. Por lo tanto, los par\u00e1metros en la URL de JDBC deben estar en la lista negra. Las versiones de Apache Linkis <=1.3.0 se ver\u00e1n afectadas. Recomendamos a los usuarios actualizar la versi\u00f3n de Linkis a la versi\u00f3n 1.3.1"}], "id": "CVE-2022-44644", "lastModified": "2023-11-07T03:54:22.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-31T10:15:09.233", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@apache.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Secondary"}]}