CVE-2023-27987

9.1 CRITICAL

📋 TL;DR

Apache Linkis versions up to 1.3.1 use a default authentication token that is too simple and predictable, allowing attackers to easily guess or obtain it. This vulnerability enables unauthorized access to the Linkis Gateway, potentially compromising the entire data processing platform. All deployments using default configurations are affected.

💻 Affected Systems

Products:
  • Apache Linkis
Versions: <= 1.3.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using default token configuration. Custom token deployments are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code, access sensitive data, and take control of the entire Linkis data processing environment.

🟠 Likely Case

Unauthorized access to Linkis Gateway leading to data exfiltration, service disruption, and privilege escalation within the data platform.

🟢 If Mitigated

Minimal impact if custom strong tokens are already configured or if network access is properly restricted.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly vulnerable to token guessing attacks.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires guessing or obtaining the default token, which is trivial due to its simplicity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.2

Vendor Advisory: https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p

Restart Required: Yes

Instructions:

1. Upgrade Apache Linkis to version 1.3.2 or later.
2. Modify the default token value in configuration.
3. Restart Linkis services.
4. Refer to Token authorization documentation at https://linkis.apache.org/docs/latest/auth/token

🔧 Temporary Workarounds

Change Default Token

all

Manually configure a strong, random token instead of using the default

Edit linkis.properties: set wds.linkis.gateway.access.token=<strong_random_token>
Restart Linkis Gateway service

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Linkis Gateway
  • Deploy Web Application Firewall (WAF) with authentication bypass protection

🔍 How to Verify

Check if Vulnerable:

Check if using Linkis version <=1.3.1 with default token configuration

Check Version:

Check Linkis version in web interface or configuration files

Verify Fix Applied:

Verify Linkis version is >=1.3.2 and custom token is configured in linkis.properties
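
One way to automate the token half of this check is the added example below, which is not code from Apache Linkis or from this advisory. It reads `linkis.properties` text, looks up the `wds.linkis.gateway.access.token` key named on this page, and flags a missing, short or repetitive value. The length and entropy thresholds are assumptions, and because this page does not state the default token value, the script judges strength rather than matching a known default.

```python
import math
import re
import secrets
from collections import Counter

TOKEN_KEY = "wds.linkis.gateway.access.token"  # key name as given on this page
MIN_LENGTH = 32          # assumed threshold, not a Linkis requirement
MIN_ENTROPY_BITS = 3.5   # assumed floor for per-character Shannon entropy


def parse_properties(text):
    """Parse Java .properties text; as in Java, the last definition of a key wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props


def shannon_entropy(value):
    """Bits of entropy per character, from observed character frequencies."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def audit_token(properties_text):
    """Return (ok, reason) for the gateway token found in the properties text."""
    token = parse_properties(properties_text).get(TOKEN_KEY)
    if not token:
        return False, "no custom token configured"
    if len(token) < MIN_LENGTH:
        return False, f"token is {len(token)} chars, want >= {MIN_LENGTH}"
    if shannon_entropy(token) < MIN_ENTROPY_BITS:
        return False, "token is repetitive or patterned (low entropy)"
    return True, "custom token meets length and entropy thresholds"


def new_token():
    """Generate a replacement token from the OS CSPRNG (43 URL-safe chars)."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # Constructed sample config, not taken from a real deployment.
    sample = "# linkis.properties (constructed)\n" + TOKEN_KEY + "=changeme\n"
    print(audit_token(sample))
    print("suggested replacement:", new_token())
```

A passing result only shows that the configured value is long and varied; the version check against 1.3.2 still has to be done separately.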

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with default tokens
  • Unauthorized access patterns to Gateway endpoints

Network Indicators:

  • Unusual API calls to Linkis Gateway without proper authentication

SIEM Query:

source="linkis" AND (event_type="authentication_failure" OR event_type="unauthorized_access")
