oss-sec mailing list archives

CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability


From: Heping Wang <peacewong () apache org>
Date: Fri, 02 Aug 2024 03:50:11 +0000

Severity: important

Affected versions:

- Apache Linkis Basic management services 1.3.2 before 1.6.0

Description:

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on

A user with an administrator account could delete any file accessible by the Linkis system user.
Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Credit:

superx (reporter)

References:

https://linkis.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-27182

