CVE-2023-27602

9.8 CRITICAL

📋 TL;DR

This vulnerability in Apache Linkis allows unauthenticated attackers to upload arbitrary files to any location on the server due to insufficient path validation in the PublicService module. This affects all Apache Linkis deployments running versions 1.3.1 and earlier. Attackers can potentially overwrite critical system files or upload malicious scripts.

💻 Affected Systems

Products:
  • Apache Linkis
Versions: <=1.3.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable unless file path checks are explicitly enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution by overwriting system files or uploading webshells, leading to data theft, service disruption, or lateral movement.

🟠 Likely Case

File system manipulation allowing data corruption, denial of service by overwriting critical files, or privilege escalation through malicious file uploads.

🟢 If Mitigated

Limited impact with proper file path validation enabled, restricting uploads to authorized directories only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and exploitation is straightforward via file upload requests with malicious paths.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.2

Vendor Advisory: https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1

Restart Required: Yes

Instructions:

1. Download Apache Linkis version 1.3.2 from official sources.
2. Stop all Linkis services.
3. Back up configuration and data.
4. Replace the existing installation with version 1.3.2.
5. Restart all Linkis services.

🔧 Temporary Workarounds

Enable File Path Validation

all

Enable file path checking in the linkis.properties configuration to restrict upload locations:

echo 'wds.linkis.workspace.filesystem.owner.check=true' >> linkis.properties
echo 'wds.linkis.workspace.filesystem.path.check=true' >> linkis.properties

🧯 If You Can't Patch

  • Implement network segmentation to isolate Linkis instances from critical systems
  • Deploy web application firewall (WAF) rules to block malicious file upload patterns

🔍 How to Verify

Check if Vulnerable:

Check the Linkis version via the web interface or configuration files. If the version is <=1.3.1 and file path checks are disabled, the system is vulnerable.

Check Version:

grep 'linkis.version' linkis.properties

Alternatively, check the Linkis web interface version endpoint.

Verify Fix Applied:

Verify Linkis version is 1.3.2 or higher, and confirm file path validation is enabled in linkis.properties.
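
The configuration half of this check as a script (an added example, not part of the original page or of Apache Linkis). It assumes plain key=value lines and that only the literal value true enables a switch; when a key appears more than once it reports the last assignment, which is the one a Java properties loader keeps and therefore the one that matters after appending with echo >>.

```bash
#!/usr/bin/env bash
# Added example (not Apache Linkis code): audit linkis.properties for the two
# path-check switches named in the workaround.

# effective_value FILE KEY: print the value from the LAST assignment of KEY.
# Assumption: plain key=value lines; lines starting with # or ! are comments.
# Trailing whitespace in a value is kept, so "true " is not reported as true.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/\r$/, "", line)
            pos = index(line, "=")
            if (pos == 0) next
            k = substr(line, 1, pos - 1)
            v = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# path_checks_enabled FILE: return 0 only if both switches resolve to "true".
path_checks_enabled() {
    local file="$1" key value status=0
    for key in wds.linkis.workspace.filesystem.owner.check \
               wds.linkis.workspace.filesystem.path.check; do
        value="$(effective_value "$file" "$key")"
        if [ "$value" = "true" ]; then
            echo "OK    $key=true"
        else
            echo "FAIL  $key=[${value:-unset}]"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: a stale "=false" line followed by the appended workaround.
sample="$(mktemp)"
printf '%s\n' 'wds.linkis.workspace.filesystem.path.check=false' \
    'wds.linkis.workspace.filesystem.owner.check=true' \
    'wds.linkis.workspace.filesystem.path.check=true' > "$sample"
path_checks_enabled "${1:-$sample}"   # pass a real linkis.properties path as $1
rm -f "$sample"
```

A commented-out switch or one followed by a later =false line is reported as FAIL, which a plain grep for the key name would miss.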

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns to non-standard paths
  • Multiple failed upload attempts with suspicious path parameters
  • File operations outside expected workspace directories

Network Indicators:

  • HTTP POST requests to upload endpoints with path traversal sequences (../)
  • Unusual file upload traffic to Linkis PublicService endpoints

SIEM Query:

source="linkis.log" AND ("file.upload" OR "PublicService") AND (path="*../*" OR path="*/..*")
