CVE-2024-27182

CWE-552Files Accessible to External Parties4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 54.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Linkis Basic Management ServicesApache Linkis
Timeline
PublishedAug 2

Description

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

NVDapache/linkis1.3.21.6.0

🔴Vulnerability Details

3
CVEList
Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability2024-08-02
GHSA
Apache Linkis arbitrary file deletion vulnerability2024-08-02
OSV
Apache Linkis arbitrary file deletion vulnerability2024-08-02
CVE-2024-27182 (MEDIUM CVSS 4.9) | In Apache Linkis <= 1.5.0 | cvebase.io