mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
60 lines
1.9 KiB
JSON
60 lines
1.9 KiB
JSON
{
|
|
"id": "CVE-2024-27181",
|
|
"sourceIdentifier": "security@apache.org",
|
|
"published": "2024-08-02T10:15:59.990",
|
|
"lastModified": "2024-08-02T14:35:10.763",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Apache Linkis <= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\na trusted account\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En Apache Linkis <= 1.5.0, la escalada de privilegios en los servicios de administraci\u00f3n b\u00e1sicos donde el usuario atacante es una cuenta de confianza permite el acceso a la informaci\u00f3n del token de Linkis. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.6.0, que soluciona este problema."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@apache.org",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-269"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6",
|
|
"source": "security@apache.org"
|
|
}
|
|
]
|
|
} |