Vulnerabilities > Apache > Kylin > 3.1.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-29055 Unspecified vulnerability in Apache Kylin
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials.
network
low complexity
apache
7.5
2022-12-30 CVE-2022-43396 Unspecified vulnerability in Apache Kylin
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands.
network
low complexity
apache
8.8
2022-12-30 CVE-2022-44621 Command Injection vulnerability in Apache Kylin
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
network
low complexity
apache CWE-77
critical
9.8
2022-10-13 CVE-2022-24697 OS Command Injection vulnerability in Apache Kylin
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu.
network
low complexity
apache CWE-78
critical
9.8
2022-01-06 CVE-2021-27738 Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator.
network
low complexity
apache CWE-918
7.5
2022-01-06 CVE-2021-31522 Unsafe Reflection vulnerability in Apache Kylin
Kylin can receive user input and load any class through Class.forName(...).
network
low complexity
apache CWE-470
critical
9.8
2022-01-06 CVE-2021-36774 Unspecified vulnerability in Apache Kylin
Apache Kylin allows users to read data from other database systems using JDBC.
network
low complexity
apache
6.5
2022-01-06 CVE-2021-45457 Incorrect Authorization vulnerability in Apache Kylin
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
network
low complexity
apache CWE-863
7.5
2022-01-06 CVE-2021-45458 Use of Insufficiently Random Values vulnerability in Apache Kylin
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords.
network
low complexity
apache CWE-330
7.5