Lucene search

GoogleOSV:CVE-2024-27182

HistoryAug 02, 2024 - 10:16 a.m.

CVE-2024-27182

2024-08-0210:16:00

Google

osv.dev

arbitrary file deletion

apache linkis

management services

version 1.6.0 upgrade

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

27.3%

JSON

In Apache Linkis <= 1.5.0,

Arbitrary file deletion in Basic management services on

A user with an administrator account could delete any file accessible by the Linkis system user

.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.

References

lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

27.3%

JSON

Related for OSV:CVE-2024-27182