CVE-2024-27181

{"id": "CVE-2024-27181", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-08-02T10:15:59.990", "references": [{"url": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2024/08/02/3", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In Apache Linkis <= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\na trusted account\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue."}, {"lang": "es", "value": "En Apache Linkis &lt;= 1.5.0, la escalada de privilegios en los servicios de administraci\u00f3n b\u00e1sicos donde el usuario atacante es una cuenta de confianza permite el acceso a la informaci\u00f3n del token de Linkis. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.6.0, que soluciona este problema."}], "lastModified": "2025-06-03T21:22:14.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FE36BC9-326E-4EE2-82E0-E8EC4B3694EF", "versionEndExcluding": "1.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}