Apache Kylin has Insufficiently Protected Credentials

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

GHSA-3VVC-V8C2-43R7 Apache Kylin has Insufficiently Protected Credentials

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

CVE-2023-29055

CVE-2023-29055 affects Apache Kylin 2.0.0–4.0.3, where the Server Config web interface can display the contents of kylin.properties. When accessed over HTTP (or other plaintext protocols), network sniffers may intercept the payload and access potential server-side credentials. The root cause is t...

Apache Kylin 安全漏洞

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Apache Kylin suffers from an information disclosu...