{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27181", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-02-21T03:03:36.039Z", "datePublished": "2024-08-02T09:27:48.639Z", "dateUpdated": "2024-08-12T19:53:28.790Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.linkis:linkis-pes-publicservice", "product": "Apache Linkis Basic management services", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.6.0", "status": "affected", "version": "1.3.2", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "superx"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Apache Linkis &lt;= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\n<span style=\"background-color: rgb(255, 255, 255);\">a trusted account</span>\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue."}], "value": "In Apache Linkis <= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\na trusted account\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-08-02T09:27:48.639Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Linkis Basic management services: Privilege Escalation Attack vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "apache", "product": "linkis", "cpes": ["cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.3.2", "status": "affected", "lessThan": "1.6.0", "versionType": "maven"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T13:50:17.045234Z", "id": "CVE-2024-27181", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T19:53:28.790Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/02/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:03:23.622Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/02/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:03:23.622Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-02T13:50:17.045234Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*"], "vendor": "apache", "product": "linkis", "versions": [{"status": "affected", "version": "1.3.2", "lessThan": "1.6.0", "versionType": "maven"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T13:51:05.211Z"}}], "cna": {"title": "Apache Linkis Basic management services: Privilege Escalation Attack vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "superx"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Linkis Basic management services", "versions": [{"status": "affected", "version": "1.3.2", "lessThan": "1.6.0", "versionType": "maven"}], "packageName": "org.apache.linkis:linkis-pes-publicservice", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Apache Linkis <= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\na trusted account\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.", "supportingMedia": [{"type": "text/html", "value": "In Apache Linkis &lt;= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\n<span style=\"background-color: rgb(255, 255, 255);\">a trusted account</span>\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-08-02T09:27:48.639Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27181", "state": "PUBLISHED", "dateUpdated": "2024-08-12T19:53:28.790Z", "dateReserved": "2024-02-21T03:03:36.039Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-08-02T09:27:48.639Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache Linkis <= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\na trusted account\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue."}, {"lang": "es", "value": "En Apache Linkis &lt;= 1.5.0, la escalada de privilegios en los servicios de administraci\u00f3n b\u00e1sicos donde el usuario atacante es una cuenta de confianza permite el acceso a la informaci\u00f3n del token de Linkis. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.6.0, que soluciona este problema."}], "id": "CVE-2024-27181", "lastModified": "2024-08-02T14:35:10.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-02T10:15:59.990", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@apache.org", "type": "Primary"}]}

{}