Vulnerabilities > Apache > Kylin > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-29055 Unspecified vulnerability in Apache Kylin
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials.
network
low complexity
apache
7.5
2022-12-30 CVE-2022-43396 Unspecified vulnerability in Apache Kylin
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands.
network
low complexity
apache
8.8
2022-01-06 CVE-2021-27738 Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator.
network
low complexity
apache CWE-918
7.5
2022-01-06 CVE-2021-45457 Incorrect Authorization vulnerability in Apache Kylin
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
network
low complexity
apache CWE-863
7.5
2022-01-06 CVE-2021-45458 Use of Insufficiently Random Values vulnerability in Apache Kylin
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords.
network
low complexity
apache CWE-330
7.5
2020-05-22 CVE-2020-1956 OS Command Injection vulnerability in Apache Kylin
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
network
low complexity
apache CWE-78
8.8
2020-02-24 CVE-2020-1937 SQL Injection vulnerability in Apache Kylin
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
network
low complexity
apache CWE-89
8.8