Vulnerabilities > Apache > Kylin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2023-29055 | Insufficiently Protected Credentials vulnerability in Apache Kylin In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. | 7.5 |
| 2022-12-30 | CVE-2022-43396 | Unspecified vulnerability in Apache Kylin In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. | 8.8 |
| 2022-12-30 | CVE-2022-44621 | Command Injection vulnerability in Apache Kylin Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request. | 9.8 |
| 2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
| 2022-01-06 | CVE-2021-27738 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. | 5.0 |
| 2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). | 7.5 |
| 2022-01-06 | CVE-2021-36774 | Unspecified vulnerability in Apache Kylin Apache Kylin allows users to read data from other database systems using JDBC. | 6.5 |
| 2022-01-06 | CVE-2021-45456 | Command Injection vulnerability in Apache Kylin 4.0.0 Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. | 7.5 |
| 2022-01-06 | CVE-2021-45457 | Incorrect Authorization vulnerability in Apache Kylin In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. | 5.0 |
| 2022-01-06 | CVE-2021-45458 | Use of Insufficiently Random Values vulnerability in Apache Kylin Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. | 7.5 |