PT-2024-21717 · Apache · Apache Linkis

Superx · Published 2024-08-02 · Updated 2024-08-16 · CVE-2024-27182

CVSS v4.0: 7.0 High

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Linkis versions 1.5.0 and earlier

Description

The issue allows arbitrary file deletion in Basic management services. A user with an administrator account could delete any file accessible by the Linkis system user.

Recommendations

For Apache Linkis versions 1.5.0 and earlier, upgrade to version 1.6.0 to fix the issue. As a temporary workaround, consider restricting administrator account access to minimize the risk of exploitation.

Fix

Files Accessible to External Parties


Weakness Enumeration

Related Identifiers

CVE-2024-27182
GHSA-J6VX-R77H-44WC

Affected Products

Apache Linkis