CVE-2023-46801

8.8 HIGH

📋 TL;DR

This vulnerability allows an authenticated Apache Linkis user to execute arbitrary code on the Linkis server: the data source management module deserializes untrusted Java objects when a MySQL data source is added, and the advisory states the deserialization is exploited through JRMP. It affects Apache Linkis versions up to and including 1.5.0 when the server runs a Java version older than 1.8.0_241. Attackers need valid Linkis credentials to exploit this vulnerability.

💻 Affected Systems

Products:
  • Apache Linkis
Versions: <= 1.5.0
Operating Systems: All operating systems running vulnerable Java versions
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable only when the JVM running Linkis is older than 1.8.0_241 and the data source management module accepts MySQL data sources

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise allowing attackers to execute arbitrary commands, steal data, install persistent backdoors, and pivot to other systems in the network.

🟠

Likely Case

Authenticated attackers with legitimate access can execute arbitrary code to exfiltrate sensitive data, modify configurations, or disrupt services.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the affected Linkis instance only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires an authenticated Linkis account that is allowed to add data sources, a MySQL data source definition crafted so that the Java deserialization triggered during its creation is driven through JRMP, and a Linkis server running a JVM older than 1.8.0_241.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.0

Vendor Advisory: https://lists.apache.org/thread/0dnzh64xy1n7qo3rgo2loz9zn7m9xgdx

Restart Required: Yes

Instructions:

1. Upgrade Apache Linkis to version 1.6.0 or later; this is the only complete fix.
2. If the upgrade cannot be scheduled immediately, move the JVM that runs Linkis to Java 1.8.0_241 or later, which the advisory identifies as not exploitable. This is a mitigation, not a replacement for the Linkis upgrade.
3. Restart all Linkis services after either change so the new code and the new JVM are actually in use.

🔧 Temporary Workarounds

Disable MySQL data source functionality

all

Temporarily disable the ability to add MySQL data sources in Linkis until 1.6.0 is deployed; the vulnerable code path is only reached when a MySQL-type data source is created.

Remove or restrict the MySQL data source type in the Linkis data source management configuration, and limit data source creation to a small set of trusted accounts. This removes the feature for all users until the patch is in place.

Upgrade Java runtime

linux

Upgrade the JVM that runs Linkis to 1.8.0_241 or later. Several JDKs commonly coexist on a server, so confirm the version reported by the JVM Linkis actually starts with (the one under its JAVA_HOME), not only the first java on PATH.

sudo apt-get update && sudo apt-get install openjdk-8-jdk
java -version
# the JVM Linkis starts with may differ from the one on PATH
"$JAVA_HOME/bin/java" -version

🧯 If You Can't Patch

  • Restrict network access to Linkis instances to only trusted users and systems
  • Implement strict access controls and monitor for unusual data source creation activities

🔍 How to Verify

Check if Vulnerable:

Check the Linkis version in the web UI or from the deployed release (installation directory and jar file names). Check the Java version with java -version, run as the Linkis service account against the JVM Linkis starts with (its JAVA_HOME); a newer JDK elsewhere on PATH does not prove the service uses it.

Check Version:

"$JAVA_HOME/bin/java" -version
Linkis version: see the web UI or the installation's configuration files

Verify Fix Applied:

Confirm the Linkis version is >= 1.6.0 and that the JVM Linkis runs on is >= 1.8.0_241; the former fixes the bug, the latter removes the condition the advisory names as exploitable.
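A version check that encodes the two conditions above, as an added example that is not taken from the Linkis project or from this page: it classifies the text printed by java -version together with the deployed Linkis version string. The java -version layout (a quoted version string on the first line, written to stderr) is real; the Linkis version string is assumed to be the plain release number such as 1.5.0, optionally with a suffix like -SNAPSHOT. Java 9 and later builds are outside the range the advisory names, so they are reported as needing separate confirmation rather than as safe.

```python
import re
import subprocess
from typing import Optional, Tuple

# Thresholds from the advisory: Linkis <= 1.5.0 affected (fixed in 1.6.0),
# exploitable only when the server JVM is older than 1.8.0_241.
LINKIS_FIXED = (1, 6, 0)
JAVA8_FIXED_UPDATE = 241


def parse_linkis_version(version: str) -> Tuple[int, ...]:
    """'1.5.0' or '1.5.0-SNAPSHOT' -> (1, 5, 0); the suffix handling is an assumption."""
    core = version.strip().split("-")[0]
    return tuple(int(p) for p in core.split("."))


def linkis_affected(version: str) -> bool:
    """True when the deployed Linkis release is below the fixed version."""
    return parse_linkis_version(version) < LINKIS_FIXED


def java_version_vulnerable(version_output: str) -> Optional[bool]:
    """Classify the text printed by `java -version`.

    True  : a JVM the advisory names as exploitable (Java 8 update < 241,
            or any older 1.x line such as 1.7).
    False : Java 8 update 241 or later.
    None  : Java 9+ (new version scheme); outside the range the advisory
            states, so confirm separately rather than treating it as safe.
    """
    m = re.search(r'version "([^"]+)"', version_output)
    if not m:
        raise ValueError("no version string found in java -version output")
    ver = m.group(1)
    if not ver.startswith("1."):
        return None
    major = int(ver.split(".")[1])          # 1.8.0_231 -> 8
    if major < 8:
        return True
    upd = re.search(r"_(\d+)", ver)         # 1.8.0_231-b11 -> 231
    update = int(upd.group(1)) if upd else 0
    return update < JAVA8_FIXED_UPDATE


def is_vulnerable(linkis_version: str, java_version_output: str) -> Optional[bool]:
    """Both conditions must hold: affected Linkis release AND exploitable JVM."""
    if not linkis_affected(linkis_version):
        return False
    return java_version_vulnerable(java_version_output)


def local_java_version_output(java_bin: str = "java") -> str:
    """`java -version` writes to stderr; point java_bin at the binary Linkis
    actually uses (e.g. "$JAVA_HOME/bin/java"), not just the first on PATH."""
    proc = subprocess.run([java_bin, "-version"], capture_output=True, text=True)
    return proc.stderr + proc.stdout


if __name__ == "__main__":
    import sys
    linkis_ver = sys.argv[1] if len(sys.argv) > 1 else "1.5.0"
    java_bin = sys.argv[2] if len(sys.argv) > 2 else "java"
    try:
        out = local_java_version_output(java_bin)
    except FileNotFoundError:
        sys.exit(f"{java_bin} not found")
    verdict = is_vulnerable(linkis_ver, out)
    print({True: "VULNERABLE",
           False: "not vulnerable",
           None: "Linkis affected; JVM outside advisory range, confirm manually"}[verdict])
```

Run it as `python check.py 1.5.0 "$JAVA_HOME/bin/java"` on the Linkis host; a result of None on a Java 11 or 17 server means the Linkis upgrade is still required and the JVM alone cannot be used to argue the server is safe.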

📡 Detection & Monitoring

Log Indicators:

  • Unusual data source creation events
  • Java deserialization errors in logs
  • Unexpected process execution from Linkis services

Network Indicators:

  • JRMP (Java RMI wire protocol) connections from Linkis servers to hosts that are not part of your known RMI or database infrastructure
  • Unusual outbound connections from Linkis instances

SIEM Query:

source="linkis.log" AND ("data source" OR "mysql" OR "deserialization")

This is a broad first-pass filter and will be noisy; narrow it to data source creation events of type mysql and to stack traces naming ObjectInputStream or sun.rmi classes.
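A detector that applies the log and network indicators above to sample log lines, as an added example that is not part of this page or of the Linkis project. The log layout, logger name and field names (action=createDataSource, type=mysql, host=, params=<json>) are constructed assumptions, as are the sample lines; adapt the regexes to the real Linkis log format. The MySQL Connector/J property names it flags (autoDeserialize, queryInterceptors, statementInterceptors, detectCustomCollations, ServerStatusDiffInterceptor) are the standard way a user-supplied MySQL data source definition can force the JDBC client to deserialize data from a hostile server, so they are the first thing to look for in submitted parameters; the stack-trace fragments are JDK classes that appear when deserialization runs, or runs through the RMI/JRMP transport.

```python
import json
import re
from typing import Any, Dict, List, Optional, Set, Tuple

# MySQL Connector/J properties that make the JDBC client deserialize data a
# hostile MySQL server sends it; seeing them in a user-submitted data source
# definition is the strongest single signal worth alerting on.
DESERIALIZATION_PARAMS = {
    "autodeserialize", "queryinterceptors",
    "statementinterceptors", "detectcustomcollations",
}
INTERCEPTOR_MARKER = "serverstatusdiffinterceptor"

# Fragments of JDK stack traces produced when deserialization runs, or runs
# through the RMI/JRMP transport classes.
DESER_TRACE_MARKERS = (
    "objectinputstream.readobject",
    "java.io.invalidclassexception",
    "sun.rmi.transport",
    "sun.rmi.server.unicastref",
    "dgcclient",
)

# Constructed log layout (an assumption, not the real Linkis format):
# <date> <time> <LEVEL> [<thread>] <logger> key=value ... params=<json>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+) \[(?P<thread>[^\]]+)\] (?P<logger>\S+) (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\{.*\}|\S+)")

# Constructed sample lines: a benign MySQL data source, a suspicious one
# pointing at an outside host, the trace that follows, and a non-MySQL source.
SAMPLE_LOG = """\
2024-05-01 10:22:31.004 INFO [http-nio-9001-exec-3] DataSourceService user=alice action=createDataSource type=mysql host=db01.internal port=3306 params={"useSSL":"false"}
2024-05-01 10:25:02.118 INFO [http-nio-9001-exec-7] DataSourceService user=bob action=createDataSource type=mysql host=203.0.113.7 port=3306 params={"autoDeserialize":"true","queryInterceptors":"com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor"}
2024-05-01 10:25:02.540 ERROR [http-nio-9001-exec-7] DataSourceService connection test failed
java.io.InvalidClassException: filter status: REJECTED
\tat java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
\tat sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:253)
2024-05-01 10:30:00.001 INFO [http-nio-9001-exec-2] DataSourceService user=alice action=createDataSource type=hive host=hive01.internal port=10000 params={}
"""


def parse_line(line: str) -> Optional[Dict[str, Any]]:
    """Split a structured line into its header fields plus its key=value pairs."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec: Dict[str, Any] = m.groupdict()
    rec["fields"] = dict(KV_RE.findall(m.group("msg")))
    return rec


def scan(lines: List[str], known_db_hosts: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, rule, detail) findings for the three indicator classes."""
    findings: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        hits = [mk for mk in DESER_TRACE_MARKERS if mk in low]
        if hits:                               # stack-trace lines are unstructured
            findings.append((n, "deserialization-trace", ",".join(hits)))
            continue
        rec = parse_line(line)
        if rec is None:
            continue
        f: Dict[str, str] = rec["fields"]
        if f.get("action") != "createDataSource" or f.get("type", "").lower() != "mysql":
            continue
        params: Dict[str, str] = {}
        raw = f.get("params", "")
        if raw.startswith("{"):
            try:
                params = json.loads(raw)
            except json.JSONDecodeError:
                findings.append((n, "unparseable-params", raw[:80]))
        bad = {k: v for k, v in params.items()
               if k.lower() in DESERIALIZATION_PARAMS or INTERCEPTOR_MARKER in str(v).lower()}
        if bad:
            findings.append((n, "mysql-deserialization-params", json.dumps(bad, sort_keys=True)))
        host = f.get("host")
        if host and host not in known_db_hosts:  # JDBC/JRMP leg to a host you do not run
            findings.append((n, "unknown-mysql-host", f"{f.get('user')} -> {host}:{f.get('port')}"))
    return findings


def scan_sample() -> List[Tuple[int, str, str]]:
    """Run the detector over the constructed sample with db01.internal allowlisted."""
    return scan(SAMPLE_LOG.splitlines(), {"db01.internal"})


if __name__ == "__main__":
    for line_no, rule, detail in scan_sample():
        print(f"line {line_no}: {rule}: {detail}")
```

On the sample the benign alice entry produces nothing, bob's entry fires twice (deserialization-triggering parameters and an unknown host), and the three trace lines each fire once. The host allowlist is what turns the "unusual outbound connections" indicator into something actionable: a MySQL data source pointing at a host you do not operate is where the JRMP leg of this attack would go.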
