Lucene search

GitHub Advisory DatabaseGHSA-J6VX-R77H-44WC

HistoryAug 02, 2024 - 12:31 p.m.

Apache Linkis arbitrary file deletion vulnerability

2024-08-0212:31:43

CWE-552

GitHub Advisory Database

github.com

apache linkis

file deletion

security vulnerability

version 1.6.0

upgrade

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Affected configurations

Vulners

Node

org.apache.linkislinkisRange<1.6.0

VendorProductVersionCPE
org.apache.linkislinkis*cpe:2.3:a:org.apache.linkis:linkis:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.linkis	linkis	*	cpe:2.3:a:org.apache.linkis:linkis::::::::

References

github.com/advisories/GHSA-j6vx-r77h-44wc

lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h

nvd.nist.gov/vuln/detail/CVE-2024-27182

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

Related for GHSA-J6VX-R77H-44WC