CVE-2020-13937

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13937
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13937.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13937
Aliases
Published
2020-10-19T21:15:12Z
Modified
2024-10-12T05:57:33.498827Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.

References

Affected packages

Git / github.com/apache/kylin

Affected ranges

Type
GIT
Repo
https://github.com/apache/kylin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected

Affected versions

kylin-0.*

kylin-0.6.3
kylin-0.7.1-incubating
kylin-0.7.2-incubating

kylin-1.*

kylin-1.0-incubating
kylin-1.1-incubating
kylin-1.1.1-incubating
kylin-1.2

kylin-2.*

kylin-2.3.0
kylin-2.4.1
kylin-2.6.0

kylin-3.*

kylin-3.0.0

kylin-4.*

kylin-4.0.0-alpha

v0.*

v0.6.1
v0.6.1_mysql_auth
v0.6.2
v0.6.4
v0.6.5