CVE-2024-27182

MEDIUM4.9EPSS 0.31%

Apache Linkis arbitrary file deletion vulnerability

Published: 8/2/2024Modified: 3/27/2025

Description

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Affected packages (1)

Maven/org.apache.linkis:linkisfrom 0, < 1.6.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-27182
PATCHhttps://github.com/apache/linkis
WEBhttps://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h
WEBhttp://www.openwall.com/lists/oss-security/2024/08/02/4