EUVD-2023-43509

Malicious code in bioql PyPI...

Arbitrary File Deletion

org.apache.linkis, linkis-common is vulnerable to Arbitrary File Deletion. The vulnerability is due to a defect in the Basic management services component which allows a user with an administrator account to delete any file accessible by the Linkis system user...

Apache Linkis vulnerable to privilege escalation

In Apache Linkis = 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

GHSA-V352-RG37-5Q5M Apache Linkis vulnerable to privilege escalation

In Apache Linkis = 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

CVE-2024-27182

CVE-2024-27182 affects Apache Linkis

CVE-2024-27181

CVE-2024-27181 affects Apache Linkis prior to 1.6.0. The issue is privilege escalation in the Basic management services where an attacker with a trusted account can access Linkis token information, elevating privileges. The root cause is elevation of privilege through trusted-account access to se...