CVE-2024-27181

EUVD-2024-2655
In Apache Linkis <= 1.5.0,

Privilege Escalation in Basic management services where the attacking user is 

a trusted account

 allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
apachelinkis
𝑥
< 1.6.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apachelinkis
1.3.2 ≤
𝑥
< 1.6.0
ADP
Common Weakness Enumeration
References
https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6
http://www.openwall.com/lists/oss-security/2024/08/02/3