Apache Linkis gateway module token authentication bypass
Description
In Apache Linkis <=1.3.1, the default token generated by the Linkis Gateway deployment is too simple, so attackers can easily obtain the default token and use it to attack. The generation rules should add random values.
We recommend that users upgrade Linkis to version 1.3.2 and modify the default token value. You can refer to Token authorization [1]: https://linkis.apache.org/docs/latest/auth/token
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Apache Linkis <=1.3.1, the default token generated by Gateway is too simple, allowing attackers to bypass authentication.
Vulnerability
Description
In Apache Linkis versions up to and including 1.3.1, the default token generated by the Gateway deployment uses a predictable generation rule without sufficient randomness [1][2]. This makes it easy for attackers to guess or obtain the default token, bypassing the intended token authentication mechanism [4].
Exploitation
An attacker can exploit this by sending HTTP requests to the Linkis Gateway with the guessed default token in the Token-Code header or cookie [3]. No prior authentication or special network position is required, as the Gateway is typically exposed to external networks. The token is static by default, allowing repeated use until changed [4].
Impact
Successful exploitation grants the attacker unauthorized access to the Linkis Gateway, enabling them to submit jobs to underlying data engines (e.g., Spark, Hive) and potentially access sensitive data or execute arbitrary commands within the context of the token's configured user [1][2].
Mitigation
The issue is addressed in Apache Linkis version 1.3.2, which enforces random token generation [2][4]. Users are strongly advised to upgrade to 1.3.2 and also manually modify the default token value. Refer to the token authorization documentation for configuration guidance [3].
[1] GitHub - apache/linkis: Apache Linkis builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines.
[2] NVD - CVE-2023-27987
[3] Token | Apache Linkis
[4] security - CVE-2023-27987: Apache Linkis gateway module token authentication bypass
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.apache.linkis:linkis | Maven | < 1.3.2 | 1.3.2 |
Affected products
- Apache Software Foundation / Apache Linkis
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-4x5h-xmv4-99wx (GHSA advisory)
- lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p (vendor advisory, mailing list)
- nvd.nist.gov/vuln/detail/CVE-2023-27987 (NVD advisory)
- linkis.apache.org/docs/latest/auth/token (vendor documentation)
- www.openwall.com/lists/oss-security/2023/04/10/3 (oss-security mailing list)
News mentions
No linked articles in our index yet.