Lucene search
K

8 matches found

OSV
OSV
added 2025/07/16 7:50 a.m.4 views

BIT-APISIX-2025-27446 Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...

7.8CVSS6.2AI score0.00172EPSS
Exploits0References4
CNVD
CNVD
added 2025/07/11 12:0 a.m.4 views

Apache Apisix elevation of privilege vulnerability (CNVD-2025-20873)

Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...

7.8CVSS6.9AI score0.00172EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/06 6:40 a.m.2 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper assignment of permissions to the local listening file. An attacker can gain elevated privileges by accessing or modifying the file with insufficiently restricted...

8.5CVSS6.8AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2025/07/06 6:5 a.m.45 views

CVE-2025-27446

CVE-2025-27446 affects Apache APISIX (java-plugin-runner) from version 0.2.0 through 0.5.0. The root cause is improper permissions on a local listening file, enabling a local attacker to elevate privileges. The issue’s impact is high (local, user-privilege escalation with high confidentiality/int...

7.8CVSS6.4AI score0.00172EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/07/06 6:5 a.m.4 views

CVE-2025-27446 Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...

7.8CVSS6.1AI score0.00172EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/06 12:0 a.m.7 views

Apache Apisix 安全漏洞

Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...

7.8CVSS6.8AI score0.00172EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/06 12:0 a.m.8 views

PT-2025-28065 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIXjava-plugin-runner versions 0.2.0 through 0.5.0 Description: The issue is related to incorrect permission assignment for critical resources in the Apache APISIX java-plugin-runner, allowing a local attacker to elevate privileges...

7.8CVSS6.1AI score0.00172EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2022/01/28 10:54 p.m.5 views

@garment/plugin-runner-publish (>=0.13.7 <=0.18.0), bower-npm-resolver (=0.11.0) +4 more potentially affected by CVE-2022-0355 via simple-get (=3.0.3)

simple-get NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on simple-get and may be impacted: - @garment/plugin-runner-publish =0.13.7, =3.2.4, =2.0.3, =2.0.5 Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...

8.8CVSS7.1AI score0.02024EPSS
Exploits1
Rows per page
Query Builder