2 matches found
org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=2.0.0 <=4.0.0-alpha) +22 more potentially affected by CVE-2023-29055 via org.apache.kylin:kylin-core-common (>=2.0.0 <=4.0.0-alpha)
org.apache.kylin:kylin-core-common MAVEN version =2.0.0, =2.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.3.2, =2.0.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2023-29055 Source advisory:...
CVE-2023-29055
CVE-2023-29055 affects Apache Kylin 2.0.0–4.0.3, where the Server Config web interface can display the contents of kylin.properties. When accessed over HTTP (or other plaintext protocols), network sniffers may intercept the payload and access potential server-side credentials. The root cause is t...