Veracode Vulnerability Database, VERACODE:45203
Jan 30, 2024 - 9:59 a.m.

Sensitive Information Disclosure

2024-01-30 09:59:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: apache kylin, vulnerability, sensitive information, disclosure, credentials, server config, web interface, http, unauthorized access, data access

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 52.4%)

Apache Kylin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the exposure of credentials within the kylin.properties file through the Server Config web interface when the Kylin service runs over HTTP. This could allow an attacker to gain unauthorized access to the Kylin server or other related systems, leading to unauthorized data access.
