Apache Kylin vulnerabilities

DATE  CVE  VULNERABILITY TITLE  (each entry is followed by its description and a risk line: attack vector, attack complexity, vendor, CWE where assigned, severity tag where assigned, CVSS base score)
2024-01-29  CVE-2023-29055  Insufficiently Protected Credentials vulnerability in Apache Kylin
In Apache Kylin versions 2.0.0 to 4.0.3, the Server Config web interface displays the content of the file 'kylin.properties', which may contain server-side credentials.
Risk: network, low complexity, apache, CWE-522, CVSS 7.5
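The entry above is about a config page that returns the raw properties file. The usual server-side fix is to redact secret-looking values before the file is rendered (and to serve the page only to authenticated administrators over TLS). The following is an added example, not Kylin's code: a small parser for Java `.properties` syntax (comments, `=`/`:`/whitespace separators, backslash line continuations) and a redaction pass over it. The sample file content and the key patterns treated as secrets are constructed assumptions.

```python
import re
from typing import List, Optional, Tuple

# Keys whose values must never leave the server (assumed patterns, extend for your deployment).
SECRET_KEY_RE = re.compile(
    r"(password|passwd|secret|token|credential|private[-_.]?key|access[-_.]?key)", re.I
)

# Constructed fragment in Java .properties syntax: '#' comments, '=' or ':' or
# whitespace as the separator, and a trailing backslash continuing the value.
SAMPLE_PROPERTIES = """\
# constructed kylin.properties fragment (not a real deployment)
kylin.metadata.url=kylin_metadata@hbase
kylin.env.hadoop-conf-dir=/etc/hadoop/conf
kylin.security.ldap.connection-password=s3cr3t-bind
kylin.storage.jdbc.password : hunter2
kylin.cloud.access-key=AKIAEXAMPLE\\
    TRAILINGPART
kylin.web.timezone=GMT+8
"""


def parse_properties(text: str) -> List[Tuple[Optional[str], str]]:
    """Return (key, value) pairs in file order; comments and blank lines have key None."""
    logical: List[Tuple[bool, str]] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()                      # leading whitespace is never significant
        if not buf and (not line or line[0] in "#!"):
            logical.append((False, line))        # comment or blank line, kept verbatim
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            buf += line[:-1]                     # continuation: join with the next line
            continue
        logical.append((True, buf + line))
        buf = ""
    if buf:
        logical.append((True, buf))
    entries: List[Tuple[Optional[str], str]] = []
    for is_entry, s in logical:
        if not is_entry:
            entries.append((None, s))
            continue
        i = 0                                    # find the first unescaped separator
        while i < len(s):
            if s[i] == "\\":
                i += 2
                continue
            if s[i] in "=: \t":
                break
            i += 1
        key, rest = s[:i], s[i:].lstrip(" \t")
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip(" \t")
        entries.append((key, rest))
    return entries


def redact_properties(text: str, mask: str = "********") -> str:
    """Re-render the file with the values of secret-looking keys replaced by a mask."""
    out = []
    for key, value in parse_properties(text):
        if key is None:
            out.append(value)
        elif SECRET_KEY_RE.search(key):
            out.append(f"{key}={mask}")
        else:
            out.append(f"{key}={value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(redact_properties(SAMPLE_PROPERTIES))
```

Redaction by key name is a safety net, not a substitute for keeping credentials out of the properties file in the first place; a value stored under an unexpected key name still leaks, so the page itself should also be behind authentication and HTTPS.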
2022-12-30  CVE-2022-43396  Unspecified vulnerability in Apache Kylin
In the fix for CVE-2022-24697, a blacklist is used to filter user-input commands, but the blacklist can be bypassed, so command injection remains possible.
Risk: network, low complexity, apache, CVSS 8.8
2022-12-30  CVE-2022-44621  Command Injection vulnerability in Apache Kylin
The Diagnosis Controller lacks parameter validation, so the server is exposed to command injection via an HTTP request.
Risk: network, low complexity, apache, CWE-77, critical, CVSS 9.8
2022-10-13  CVE-2022-24697  OS Command Injection vulnerability in Apache Kylin
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the Configuration Overwrites menu.
Risk: network, low complexity, apache, CWE-78, critical, CVSS 9.8
2022-01-06  CVE-2021-27738  Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin
All request mappings in `StreamingCoordinatorController.java` handling the `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests to the Kylin Coordinator, such as assigning or unassigning streaming cubes and creating, modifying or deleting replica sets.
Risk: network, low complexity, apache, CWE-918, CVSS 7.5
2022-01-06  CVE-2021-31522  Unsafe Reflection vulnerability in Apache Kylin
Kylin accepts a class name from user input and loads it through Class.forName(...), so any class on the server's class path can be loaded.
Risk: network, low complexity, apache, CWE-470, critical, CVSS 9.8
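Unsafe reflection (CWE-470) is fixed by never resolving a class from user text at all: the request carries a short name, and the server maps it to one of a few pre-approved classes. The following added example, not Kylin's code, uses Python's `importlib` as the stand-in for `Class.forName`; the registry contents and the loader names are assumptions. In Java the same shape is a `Map<String, Class<?>>` or an enum populated at startup.

```python
import importlib
from typing import Dict, Tuple


def vulnerable_load(dotted_name: str):
    """Resolve any 'package.module.Class' the caller names: the Class.forName(userInput) pattern.
    Importing the module runs its top-level code, so even a type check afterwards is too late."""
    module_name, _, class_name = dotted_name.rpartition(".")
    return getattr(importlib.import_module(module_name), class_name)


# The only loaders this (assumed) feature legitimately needs, keyed by the short
# name that is allowed to appear in a request. Nothing here is looked up by user text.
REGISTRY: Dict[str, Tuple[str, str]] = {
    "csv": ("csv", "DictReader"),
    "json": ("json", "JSONDecoder"),
}


def is_registered(name: str) -> bool:
    return name in REGISTRY


def safe_load(name: str):
    """Map a short, request-supplied name to a pre-approved class; reject anything else."""
    if not is_registered(name):
        raise ValueError(f"unknown loader {name!r}")
    module_name, class_name = REGISTRY[name]
    return getattr(importlib.import_module(module_name), class_name)


if __name__ == "__main__":
    popen = vulnerable_load("subprocess.Popen")   # attacker's choice, resolved and ready to call
    print("vulnerable_load gave", popen.__module__, popen.__qualname__)
    print("safe_load('csv') gave", safe_load("csv").__qualname__)
    try:
        safe_load("subprocess.Popen")
    except ValueError as exc:
        print("safe_load refused:", exc)
```

Checking `isinstance`/`issubclass` after the dynamic load is not an adequate substitute for the registry: by then the module's static initialisers (Java) or top-level code (Python) have already run.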
2022-01-06  CVE-2021-36774  Unspecified vulnerability in Apache Kylin
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports connection properties which, if left unmitigated, allow an attacker to execute arbitrary code inside the Kylin server process from a malicious MySQL server under the attacker's control.
Risk: network, low complexity, apache, CVSS 6.5
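When a user supplies the JDBC URL, the user also controls every connection property the driver reads from it. The following added example, not Kylin's code, shows two defences: screening a supplied URL (driver allowlist, host allowlist, a deny-list of MySQL Connector/J properties that let a malicious server run code or read client files, and rejection of the `address=(...)` authority syntax that would smuggle properties past a query-string check), and the preferred form of accepting only host, port and database and assembling the URL server-side. The allowed drivers and hosts are assumptions, and the property deny-list is assumed to be what this deployment needs; extend it for the drivers you actually ship.

```python
import re
from typing import List
from urllib.parse import parse_qsl, urlsplit

ALLOWED_DRIVERS = {"mysql", "postgresql"}                            # assumed
ALLOWED_HOSTS = {"mysql.internal.example", "pg.internal.example"}   # assumed

# Connector/J properties that let a malicious server run code or read files in
# the client process: autoDeserialize deserialises server-sent BLOBs, and the
# LOCAL INFILE switches let the server request arbitrary client-side files.
# Compared case-insensitively. Assumed to be the complete list for this deployment.
DENIED_PROPERTIES = {
    "autodeserialize",
    "allowloadlocalinfile",
    "allowloadlocalinfileinpath",
    "allowurlinlocalinfile",
}


def screen_jdbc_url(url: str) -> List[str]:
    """Return the reasons a user-supplied JDBC URL is unacceptable (empty list = acceptable)."""
    if not url.lower().startswith("jdbc:"):
        return ["not a JDBC URL"]
    parts = urlsplit(url[len("jdbc:"):])
    problems = []
    if parts.scheme.lower() not in ALLOWED_DRIVERS:
        problems.append(f"driver {parts.scheme!r} not allowed")
    if "(" in parts.netloc:
        # Connector/J also accepts address=(host=..)(prop=..) in the authority part,
        # which would carry properties past the query-string check below.
        problems.append("key/value host syntax not allowed")
    elif (parts.hostname or "") not in ALLOWED_HOSTS:
        problems.append(f"host {parts.hostname!r} not allowed")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in DENIED_PROPERTIES:
            problems.append(f"property {key}={value} not allowed")
    return problems


def build_jdbc_url(driver: str, host: str, port: int, database: str) -> str:
    """Preferred form: accept only the parts, validate each, and assemble the URL yourself.
    Driver properties are then set server-side, never from user input."""
    if driver not in ALLOWED_DRIVERS:
        raise ValueError("driver not allowed")
    if host not in ALLOWED_HOSTS:
        raise ValueError("host not allowed")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if not re.fullmatch(r"[A-Za-z0-9_]{1,64}", database):
        raise ValueError("database name must match [A-Za-z0-9_]{1,64}")
    return f"jdbc:{driver}://{host}:{port}/{database}"


if __name__ == "__main__":
    for candidate in (
        "jdbc:mysql://mysql.internal.example:3306/sales",
        "jdbc:mysql://attacker.example:3306/x?autoDeserialize=true&allowLoadLocalInfile=true",
        "jdbc:mysql://address=(host=attacker.example)(autoDeserialize=true)/x",
    ):
        print(candidate, "->", screen_jdbc_url(candidate) or "ok")
    print(build_jdbc_url("mysql", "mysql.internal.example", 3306, "sales"))
```

Deny-listing properties is inherently a moving target (new driver releases add new switches), which is why `build_jdbc_url` is the form to prefer: the user never gets to write a query string at all.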
2022-01-06  CVE-2021-45456  Command Injection vulnerability in Apache Kylin 4.0.0
Apache Kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user, but the value that is checked is not the value that is then used as the shell command argument, so the check can be bypassed.
Risk: network, low complexity, apache, CWE-77, critical, CVSS 9.8
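Four of the entries on this page (CVE-2022-24697, CVE-2022-43396, CVE-2022-44621 and CVE-2021-45456) are variations on one mistake: user input reaches a shell command line, and the guard is either a character blacklist or a check applied to a different value than the one the command uses. The following added example, not Kylin's code, puts the three shapes side by side in Python: a blacklist-guarded shell string, a check/use mismatch, and the hardened form that allowlists the exact value and passes it as its own argv element with no shell. The command (`echo` standing in for a diagnosis script), the request field names, the blacklist contents and the injected string are constructed assumptions.

```python
import re
import subprocess
from typing import Dict, List

BLACKLIST = set(";&|`")   # assumed blacklist: a few metacharacters, far from all of them


def passes_blacklist(value: str) -> bool:
    return not any(ch in BLACKLIST for ch in value)


def vulnerable_argv(project: str) -> List[str]:
    """Blacklist check, then a shell string built from the value: the anti-pattern."""
    if not passes_blacklist(project):
        raise ValueError("rejected by blacklist")
    return ["sh", "-c", f"echo diag project='{project}'"]


def mismatched_argv(request: Dict[str, str]) -> List[str]:
    """Validates request['project'] strictly, then builds the command from request['projectName']."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", request["project"]):
        raise ValueError("invalid project")
    return ["sh", "-c", f"echo diag project='{request['projectName']}'"]


PROJECT_RE = re.compile(r"[A-Za-z0-9_]{1,64}")


def is_valid_project(project: str) -> bool:
    """Allowlist: only characters a project name can legitimately contain."""
    return PROJECT_RE.fullmatch(project) is not None


def hardened_argv(project: str) -> List[str]:
    """Validate the exact value that is used, then pass it as its own argv element: no shell."""
    if not is_valid_project(project):
        raise ValueError("project name must match [A-Za-z0-9_]{1,64}")
    return ["echo", "diag", f"project={project}"]


def run(argv: List[str]) -> str:
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout.strip()


# Closes the single quote, runs a subshell, reopens the quote. No character in it
# is on the blacklist, so the check passes and the subshell runs.
INJECTED = "demo'$(echo INJECTED)'"

if __name__ == "__main__":
    print(run(vulnerable_argv(INJECTED)))                                      # diag project=demoINJECTED
    print(run(mismatched_argv({"project": "demo", "projectName": INJECTED})))  # diag project=demoINJECTED
    print(is_valid_project(INJECTED))                                          # False
    print(run(hardened_argv("demo")))                                          # diag project=demo
```

The subshell output appearing in the first two results is the injection succeeding; `hardened_argv` never reaches a shell, and its rejection of `INJECTED` happens on the value that would actually be executed, which is the property the CVE-2021-45456 check lacked.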
2022-01-06  CVE-2021-45457  Incorrect Authorization vulnerability in Apache Kylin
In Apache Kylin, cross-origin requests with credentials are accepted from any origin.
Risk: network, low complexity, apache, CWE-863, CVSS 7.5
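Reflecting the request's `Origin` while also sending `Access-Control-Allow-Credentials: true` lets any website make authenticated calls with the victim's session cookie and read the responses. The following added example, not Kylin's code, models the weak CORS policy beside an allowlist-based one and includes the probe a tester applies to a live server (send an origin the server should not trust, and separately the literal `null` origin, then look at the response headers). The allowlisted origins and the attacker origin are constructed assumptions.

```python
from typing import Callable, Dict, Optional

ALLOWED_ORIGINS = {"https://kylin.example.com", "https://bi.example.com"}  # assumed
ATTACKER_ORIGIN = "https://attacker.example"                               # constructed


def vulnerable_cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Reflects any Origin and allows credentials: every site on the web may call the
    API with the victim's session cookie and read the response."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def hardened_cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Exact-match allowlist. 'null' (sandboxed iframes, file://) and any unknown origin
    get no CORS grant; Vary: Origin keeps shared caches from serving one origin's answer to another."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {"Vary": "Origin"}


def classify_cors(sent_origin: str, headers: Dict[str, str]) -> str:
    """What one probe tells a tester. 'credentialed-reflection' is the finding when
    sent_origin is one the server has no reason to trust."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "no-cors-grant"
    if acao == "*":
        # Browsers refuse credentialed responses with a wildcard, so this only exposes public data.
        return "wildcard"
    if acao == sent_origin:
        return "credentialed-reflection" if creds else "reflection"
    return "fixed-origin"


def is_vulnerable(handler: Callable[[Optional[str]], Dict[str, str]]) -> bool:
    """Probe a handler with an attacker origin and with the literal 'null' origin."""
    return any(
        classify_cors(o, handler(o)) == "credentialed-reflection"
        for o in (ATTACKER_ORIGIN, "null")
    )


if __name__ == "__main__":
    print("vulnerable handler:", is_vulnerable(vulnerable_cors_headers))   # True
    print("hardened handler:", is_vulnerable(hardened_cors_headers))       # False
```

Against a real deployment the same probe is `curl -i -H 'Origin: https://attacker.example' <api-url>`; an `Access-Control-Allow-Origin` that echoes the attacker origin together with `Access-Control-Allow-Credentials: true` is the finding.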
2022-01-06  CVE-2021-45458  Use of Insufficiently Random Values vulnerability in Apache Kylin
Apache Kylin provides the encryption class PasswordPlaceholderConfigurer to help users encrypt their passwords; the cipher it uses is initialised with a hardcoded key and IV, so a password encrypted with it and placed in Kylin's configuration file can be recovered by anyone who has the Kylin code.
Risk: network, low complexity, apache, CWE-330, CVSS 7.5