Search criteria
2 vulnerabilities found for Apache Linkis Basic management services by Apache Software Foundation
CVE-2024-27182 (GCVE-0-2024-27182)
Vulnerability from cvelistv5 – Published: 2024-08-02 09:29 – Updated: 2025-03-27 15:48
VLAI?
Title
Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
Summary
In Apache Linkis <= 1.5.0,
Arbitrary file deletion in Basic management services on
A user with an administrator account could delete any file accessible by the Linkis system user
.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis Basic management services |
Affected:
1.3.2 , < 1.6.0
(maven)
|
Credits
superx
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T13:55:06.669774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:48:58.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:03:25.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/02/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.linkis:linkis-pes-publicservice",
"product": "Apache Linkis Basic management services",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.3.2",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "superx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Apache Linkis \u0026lt;= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with an administrator account could delete any file accessible by the Linkis system user\u003c/span\u003e\n\n.\u003cbr\u003eUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
}
],
"value": "In Apache Linkis \u003c= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\nA user with an administrator account could delete any file accessible by the Linkis system user\n\n.\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T09:29:38.967Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27182",
"datePublished": "2024-08-02T09:29:33.391Z",
"dateReserved": "2024-02-21T03:05:04.990Z",
"dateUpdated": "2025-03-27T15:48:58.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27182 (GCVE-0-2024-27182)
Vulnerability from nvd – Published: 2024-08-02 09:29 – Updated: 2025-03-27 15:48
VLAI?
Title
Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
Summary
In Apache Linkis <= 1.5.0,
Arbitrary file deletion in Basic management services on
A user with an administrator account could delete any file accessible by the Linkis system user
.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Linkis Basic management services |
Affected:
1.3.2 , < 1.6.0
(maven)
|
Credits
superx
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T13:55:06.669774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:48:58.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:03:25.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/02/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.linkis:linkis-pes-publicservice",
"product": "Apache Linkis Basic management services",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.3.2",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "superx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Apache Linkis \u0026lt;= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with an administrator account could delete any file accessible by the Linkis system user\u003c/span\u003e\n\n.\u003cbr\u003eUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
}
],
"value": "In Apache Linkis \u003c= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\nA user with an administrator account could delete any file accessible by the Linkis system user\n\n.\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T09:29:38.967Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27182",
"datePublished": "2024-08-02T09:29:33.391Z",
"dateReserved": "2024-02-21T03:05:04.990Z",
"dateUpdated": "2025-03-27T15:48:58.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}