Lucene search

GoogleOSV:GHSA-J6VX-R77H-44WC

HistoryAug 02, 2024 - 12:31 p.m.

Apache Linkis arbitrary file deletion vulnerability

2024-08-0212:31:43

Google

osv.dev

apache linkis

file deletion

security issue

software vulnerability

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

References

github.com/apache/linkis

lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h

nvd.nist.gov/vuln/detail/CVE-2024-27182

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

27.3%

JSON

Related for OSV:GHSA-J6VX-R77H-44WC