I. CVE-2025-29847 Basic Information
Vulnerability information
# Apache Linkis Double URL Encoding File Read Vulnerability

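## Overview
When the JDBC engine in Apache Linkis processes URL parameters configured on the frontend, parameters that have gone through multiple rounds of URL encoding may bypass the system's checks, allowing unauthorized access to system files through JDBC parameters.

## Affected versions
- Apache Linkis 1.3.0 through 1.7.0 (inclusive)

## Details
When the JDBC engine and data source functionality are used, a URL parameter configured on the frontend that has been URL-encoded multiple times (for example, one containing the `%` character) can bypass the system's validation. An attacker can exploit this flaw to craft a malicious request that reads local system files through JDBC connection parameters.

## Impact
An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files on the server, creating a risk of information disclosure.

## Remediation
- Continuously check whether the connection information contains the `%` character and, if it does, URL-decode it.
- Users are advised to upgrade to Apache Linkis 1.8.0, which fixes this issue.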
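
One way to implement the check described under Remediation: keep decoding while the connection string still contains `%`, and validate only the fully decoded form. This is an added example, not Apache Linkis code. The class, the `blockedparam` deny-list entry, the round cap, the single-pass comparison and the sample URLs are all constructed for illustration, and it assumes Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

public class JdbcUrlCheck {
    static final int MAX_ROUNDS = 8;              // assumed cap on decoding rounds
    static final String BLOCKED = "blockedparam"; // hypothetical deny-listed name

    // Decode while a '%' remains (the advisory's fix); URLDecoder also maps '+' to space.
    static String canonicalize(String value) {
        String current = value;
        for (int i = 0; i < MAX_ROUNDS && current.contains("%"); i++) {
            // Throws IllegalArgumentException on malformed escapes ("%zz", "%").
            current = URLDecoder.decode(current, StandardCharsets.UTF_8);
        }
        if (current.contains("%")) {
            throw new IllegalArgumentException("still encoded after " + MAX_ROUNDS + " rounds");
        }
        return current;
    }

    // Validate the canonical form, never the raw string; fail closed on errors.
    static boolean isAllowed(String rawUrl) {
        try {
            return !canonicalize(rawUrl).toLowerCase(Locale.ROOT).contains(BLOCKED);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // Assumed single-pass check, shown only for comparison.
    static boolean singlePassAllowed(String rawUrl) {
        String once = URLDecoder.decode(rawUrl, StandardCharsets.UTF_8);
        return !once.toLowerCase(Locale.ROOT).contains(BLOCKED);
    }

    public static void main(String[] args) {
        String base = "jdbc:mysql://db.example.invalid:3306/test?"; // constructed
        String[] samples = {
            base + "connectTimeout=5000",        // benign
            base + "blockedParam=true",          // plain
            base + "%62lockedParam=true",        // "b" encoded once
            base + "%2562lockedParam=true",      // "b" encoded twice
        };
        for (String s : samples) {
            System.out.printf("singlePass=%b iterative=%b %s%n", singlePassAllowed(s), isAllowed(s), s);
        }
    }
}
```

Because decoding continues until no `%` is left, a value that legitimately contains a literal percent sign is rejected rather than passed through; that fail-closed behaviour is a design choice of this example.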
                                        
Shenlong assessment

Web vulnerability: unknown

Rationale:

N/A
Vulnerability title
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A vulnerability in Apache Linkis. Problem Description: When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact: This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level: moderate. Solution: Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here: https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Improper input validation
Source: U.S. National Vulnerability Database (NVD)
II. Public POCs for CVE-2025-29847
# | POC description | Source link | Shenlong link
III. Intelligence on CVE-2025-29847
  • Title: CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass - Apache Mail Archives -- 🔗 Source link

    Tags: vendor-advisory

    Shenlong quick read:
    - **CVE Identifier:** CVE-2025-29847
    - **Vulnerability:** Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
    - **Severity:** moderate
    - **Affected versions:** Apache Linkis 1.3.0 through 1.7.0
    - **Description:** A vulnerability is present in Apache Linkis that allows unauthorized access to system files via JDBC parameters due to a double URL encoding bypass in the JDBC engine and data source functionality.
    - **Solution:** Continuously check the connection information for the "%" character. If present, perform URL decoding. Users are advised to upgrade to version 1.8.0, which resolves the issue.
    - **Credit:** Discovered by Le1a and A1kaid from Threatbook. The analyst is kinghao. Le1a and kinghao also contributed to the remediation development and review.
    - **References:** 
      - <https://linkis.apache.org>
      - <https://www.cve.org/CVERecord?id=CVE-2025-29847>
                                            
  • https://nvd.nist.gov/vuln/detail/CVE-2025-29847