CVE-2024-27182— Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability

EPSS 0.23% · P46 Updated Mar 27, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-27182

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对外部实体的文件或目录可访问

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Linkis 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Linkis是美国阿帕奇（Apache）基金会的一款中间件产品，可以在上层应用和底层数据引擎之间建立起有效的连接。 Apache Linkis 1.3.2 版本到 1.6.0 版本之前存在安全漏洞，该漏洞源于具有管理员帐户的用户可以删除 Linkis 系统用户可访问的任何文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Linkis Basic management services	1.3.2 ~ 1.6.0	-

II. Public POCs for CVE-2024-27182

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-27182

请登录查看更多情报信息。

Same Patch Batch · Apache Software Foundation · 2024-08-02 · 3 CVEs total

CVE-2024-36268		Apache InLong TubeMQ Client: Remote Code Execution vulnerability
CVE-2024-27181		Apache Linkis Basic management services: Privilege Escalation Attack vulnerability

IV. Related Vulnerabilities

Same vendor: Apache Software Foundation

Same weakness: CWE-552

V. Comments for CVE-2024-27182

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-27182— Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability

I. Basic Information for CVE-2024-27182

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-27182

III. Intelligence Information for CVE-2024-27182

Same Patch Batch · Apache Software Foundation · 2024-08-02 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-27182

Leave a comment