CVE-2024-27181

In Apache Linkis <= 1.5.0,

Privilege Escalation in Basic management services where the attacking user is 

a trusted account

 allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
apacheCNA
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
apachelinkis
𝑥
< 1.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6
http://www.openwall.com/lists/oss-security/2024/08/02/3