Superx

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.10.1 through 0.12.0 Description: An attacker can utilize the raft server protocol without authentication, enabling access to server resources, including directories and files. Recommendations: Upgrade to version 0.12.0, which resolves the issue by removing the Cluster Interpreter.

**Name of the Vulnerable Software and Affected Versions** Apache Linkis versions 1.5.0 and earlier **Description** The issue allows a trusted account to escalate privileges in Basic management services, gaining access to Linkis's Token information. **Recommendations** For Apache Linkis versions 1.5.0 and earlier, upgrade to version 1.6.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Linkis versions 1.5.0 and earlier **Description** The issue allows arbitrary file deletion in Basic management services. A user with an administrator account could delete any file accessible by the Linkis system user. **Recommendations** For Apache Linkis versions 1.5.0 and earlier, upgrade to version 1.6.0 to fix the issue. As a temporary workaround, consider restricting administrator account access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RuoYi versions 4.7.6 and below **Description** An arbitrary file download issue in the background management module allows attackers to download arbitrary files on the server. **Recommendations** For versions 4.7.6 and below, update to a version above 4.7.6 to resolve the issue. As a temporary workaround, consider restricting access to the background management module until a patch is available.