How severe is CVE-2024-45627?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-45627?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2024-45627

Q: What is CVE-2024-45627?

In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0.

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-552

View all →

Vulnerability Description

In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0.

CVE-2017-2621

MEDIUM

CVSS:5.9(Medium)

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user c...

CWE-5522017

CVE-2020-1726

MEDIUM

CVSS:5.9(Medium)

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious containe...

CWE-5522020

CVE-2021-29969

MEDIUM

CVSS:5.9(Medium)

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore t...

CWE-5522021

CVE-2021-40149

MEDIUM

CVSS:5.9(Medium)

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.

CWE-5522021

CVE-2021-1256

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory ...

CWE-5522021

CVE-2021-1434

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insuffi...

CWE-5522021

CVE-2024-45627

Vulnerability Description

Related Vulnerabilities

CVE-2017-2621

CVE-2020-1726

CVE-2021-29969

CVE-2021-40149

CVE-2021-1256

CVE-2021-1434