oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability

From: Heping Wang <peacewong () apache org>
Date: Fri, 02 Aug 2024 03:47:02 +0000
Severity: important

Affected versions:

- Apache Linkis Basic management services 1.3.2 before 1.6.0

Description:

In Apache Linkis <= 1.5.0,

Privilege Escalation in Basic management services where the attacking user is 

a trusted account

 allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.

Credit:

superx (reporter)

References:

https://linkis.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-27181
Previous By Date Next
Previous By Thread Next

Current thread: