Apache Linkis
cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*
- >= 1.0.0, <= 1.7.0
Apache Linkis versions 1.0.0 through 1.7.0 can expose sensitive information, such as plaintext passwords and Hive Metastore keys, in log files. When the Base64 decoding function in 'org.apache.linkis.metadata.util.HiveUtils' fails to decode an invalid string, it logs the error together with the original string, which leaks sensitive data if the log is readable by users other than the administrators of 'hive-site.xml'.
The vulnerability leads to unauthorized information leakage of sensitive data, including passwords and Hive Metastore keys, into log files.
Users are advised to upgrade to Apache Linkis version 1.8.0 or later, which addresses this vulnerability by sanitizing the logged error messages. The updated version can be obtained from the Apache Linkis official website.
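The logging pattern described above, next to a sanitized form, as an added Java example; it is not the Linkis source code or the actual patch. The class and method names, the fallback of returning the input unchanged, and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class DecodeLoggingDemo {  // hypothetical class, not part of Linkis
    private static final Logger LOG = Logger.getLogger("demo");

    // Leaky pattern: the undecodable input is copied into the log message.
    // Returning the input unchanged on failure is an assumption of this sketch.
    static String decodeLeaky(String key, String value) {
        try {
            return new String(Base64.getDecoder().decode(value), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            LOG.warning("Base64 decode failed for " + key + ": " + value);
            return value;
        }
    }

    // Sanitized pattern: name the property, never echo its value.
    static String decodeSafe(String key, String value) {
        try {
            return new String(Base64.getDecoder().decode(value), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            LOG.warning("Base64 decode failed for " + key + " (value withheld)");
            return value;
        }
    }

    public static void main(String[] args) {
        List<String> captured = new ArrayList<>();
        LOG.setUseParentHandlers(false);  // keep the demo output to our own lines
        LOG.addHandler(new Handler() {    // in-memory stand-in for a log file
            @Override public void publish(LogRecord r) { captured.add(r.getMessage()); }
            @Override public void flush() {}
            @Override public void close() {}
        });
        String key = "javax.jdo.option.ConnectionPassword"; // Hive property, used as sample
        String secret = "Pl@in-text_pw!";  // constructed value; '@' is not valid Base64
        decodeLeaky(key, secret);
        decodeSafe(key, secret);
        for (String line : captured) {
            System.out.println((line.contains(secret) ? "LEAK   " : "clean  ") + line);
        }
    }
}
```

Running it prints one line marked LEAK, which contains the constructed password, and one marked clean. The same contains-the-secret check can serve as a regression test for any code path that logs configuration values.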