Apache Kylin is vulnerable to privilege escalation. The vulnerability exists due to the lack of validation of the host name via the request mappings in StreamingCoordinatorController.java handling the /kylin/api/streaming_coordinator/* REST API endpoints, allowing an attacker to issue arbitrary requests.

CPE name | Operator | Version |
---|---|---|
apache kylin - stream core | le | 3.1.1 |
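
For triage on affected deployments, the following added example (not part of the advisory or of Kylin's code) scans web access logs for requests that reach the /kylin/api/streaming_coordinator/ prefix, normalising percent-encoded, double-slash and dot-segment paths before matching. The combined access log layout, the client addresses and the `placeholder` sub-path are constructed assumptions.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

# Endpoint prefix named in the advisory.
PREFIX = "/kylin/api/streaming_coordinator/"

# Assumed log layout: common/combined access log format.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def canonical_path(target):
    """Drop the query, undo repeated percent-encoding, collapse // and dot segments."""
    path = target.split("?", 1)[0]
    prev = None
    while prev != path:  # loop so double-encoded paths are fully decoded
        prev, path = path, unquote(path)
    return normpath(re.sub(r"/{2,}", "/", path))

def coordinator_hits(lines):
    """Return (client, method, canonical path, status) for requests under PREFIX."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log request line
        path = canonical_path(m["target"])
        if (path + "/").startswith(PREFIX):
            hits.append((m["client"], m["method"], path, int(m["status"])))
    return hits

# Constructed sample lines (documentation address range, hypothetical sub-paths).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2024:10:00:00 +0000] "GET /kylin/api/cubes HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2024:10:00:05 +0000] "PUT /kylin/api/streaming_coordinator/placeholder HTTP/1.1" 200 64',
    '192.0.2.9 - - [01/Jan/2024:10:00:06 +0000] "POST /kylin/api/%73treaming_coordinator/placeholder?x=1 HTTP/1.1" 200 64',
    '192.0.2.7 - - [01/Jan/2024:10:00:07 +0000] "GET /kylin//api/./streaming_coordinator/ HTTP/1.1" 401 0',
    '192.0.2.5 - - [01/Jan/2024:10:00:08 +0000] "GET /kylin/api/streaming_coordinators HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    hits = coordinator_hits(SAMPLE_LOG)
    for client, count in Counter(h[0] for h in hits).most_common():
        print(f"{client}: {count} request(s) to the streaming coordinator API")
    for hit in hits:
        print(hit)
```

Hits from clients that are not known Kylin streaming coordinators or receivers are the ones to review first on installations at or below version 3.1.1.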