CVE-2024-27182 Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability

2024-08-0209:29:33

CWE-552

apache

github.com

apache

linkis

management services

arbitrary file deletion

vulnerability

upgrade

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

27.3%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In Apache Linkis <= 1.5.0,

Arbitrary file deletion in Basic management services on

A user with an administrator account could delete any file accessible by the Linkis system user

.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Linkis  Basic management services",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.2",
        "lessThan": "1.6.0",
        "versionType": "maven"
      }
    ],
    "packageName": "org.apache.linkis:linkis-pes-publicservice",
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected"
  }
]