Apache APISIX Java Plugin Runner Incorrect Permission Assignment Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in Apache APISIX Java Plugin Runner versions 0.2.0 through 0.5.0, allowing local attackers to elevate privileges. This issue arises from incorrect file permission assignments for critical resources, enabling unauthorized access to local listening files.

Impact

Exploitation of this vulnerability could allow a local attacker to escalate privileges.

Remediation

Users are advised to upgrade to Apache APISIX Java Plugin Runner version 0.6.0 or higher, which addresses this vulnerability.

Added: Jul 6, 2025, 6:17 AM
Updated: Jul 6, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.