CVE-2024-27182

Aug. 2, 2024, 12:59 p.m.

None
No Score

Description

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Product(s) Impacted

Product Versions
Apache Linkis
  • <= 1.5.0

Weaknesses

CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h

Tags

security@apache.org
CWE-552
2024-08-02
CVE-2024-27182

Date

  • Published: Aug. 2, 2024, 10:16 a.m.
  • Last Modified: Aug. 2, 2024, 12:59 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.