Lucene search

Veracode Vulnerability DatabaseVERACODE:48366

HistoryAug 05, 2024 - 4:53 a.m.

Arbitrary File Deletion

2024-08-0504:53:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

arbitrary file deletion

org.apache.linkis

linkis-common

basic management services

administrator account

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

27.3%

JSON

org.apache.linkis, linkis-common is vulnerable to Arbitrary File Deletion. The vulnerability is due to a defect in the Basic management services component which allows a user with an administrator account to delete any file accessible by the Linkis system user.

References

github.com/advisories/GHSA-j6vx-r77h-44wc

lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

27.3%

JSON

Related for VERACODE:48366