Vulnerabilities related to Apache Software Foundation - Apache Linkis Basic management services
cve-2024-27182
Vulnerability from cvelistv5
Published
2024-08-02 09:29
Modified
2024-08-02 16:03
Severity ?
Summary
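In Apache Linkis <= 1.5.0, an arbitrary file deletion vulnerability exists in Basic management services: a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue. (The record's affected-version entry for org.apache.linkis:linkis-pes-publicservice lists versions from 1.3.2 up to, but not including, 1.6.0.)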


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-27182",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-02T13:55:06.669774Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-02T14:03:18.945Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:03:25.167Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/08/02/4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://repo.maven.apache.org/maven2",
               defaultStatus: "unaffected",
               packageName: "org.apache.linkis:linkis-pes-publicservice",
               product: "Apache Linkis  Basic management services",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "1.6.0",
                     status: "affected",
                     version: "1.3.2",
                     versionType: "maven",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "superx",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "In Apache Linkis &lt;= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\n<span style=\"background-color: rgb(255, 255, 255);\">A user with an administrator account could delete any file accessible by the Linkis system user</span>\n\n.<br>Users are recommended to upgrade to version 1.6.0, which fixes this issue.",
                  },
               ],
               value: "In Apache Linkis <= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\nA user with an administrator account could delete any file accessible by the Linkis system user\n\n.\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "important",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-552",
                     description: "CWE-552 Files or Directories Accessible to External Parties",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-02T09:29:38.967Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Apache Linkis  Basic management services: Engine material management Arbitrary file deletion vulnerability",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2024-27182",
      datePublished: "2024-08-02T09:29:33.391Z",
      dateReserved: "2024-02-21T03:05:04.990Z",
      dateUpdated: "2024-08-02T16:03:25.167Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}