CVE-2024-27182

Aug. 2, 2024, 12:59 p.m.

Tags

security@apache.org
CWE-552
2024-08-02
CVE-2024-27182

Product(s) Impacted

Apache Linkis

  • <= 1.5.0

Description

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Weaknesses

CWE-552
Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

CWE ID: 552

Date

Published: Aug. 2, 2024, 10:16 a.m.

Last Modified: Aug. 2, 2024, 12:59 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

References

https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h
security@apache.org