CVE-2020-13937

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0 and 4.0.0-alpha have one RESTful API that exposes Kylin's configuration information without any authentication. This is dangerous because some confidential configuration entries are disclosed to everyone.
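
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|----------|------|------------|-------------|-----------------|----------------|--------|
| NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| apache | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |
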
EPSS Score Percentile: 99%
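
| Vendor | Product | Version |
|--------|---------|---------|
| apache | kylin | 2.0.0 |
| apache | kylin | 2.1.0 |
| apache | kylin | 2.2.0 |
| apache | kylin | 2.3.0 |
| apache | kylin | 2.3.1 |
| apache | kylin | 2.3.2 |
| apache | kylin | 2.4.0 |
| apache | kylin | 2.4.1 |
| apache | kylin | 2.5.0 |
| apache | kylin | 2.5.1 |
| apache | kylin | 2.5.2 |
| apache | kylin | 2.6.0 |
| apache | kylin | 2.6.1 |
| apache | kylin | 2.6.2 |
| apache | kylin | 2.6.3 |
| apache | kylin | 2.6.4 |
| apache | kylin | 2.6.5 |
| apache | kylin | 2.6.6 |
| apache | kylin | 3.0.0 |
| apache | kylin | 3.0.0:alpha |
| apache | kylin | 3.0.0:alpha2 |
| apache | kylin | 3.0.0:beta |
| apache | kylin | 3.0.1 |
| apache | kylin | 3.0.2 |
| apache | kylin | 3.1.0 |
| apache | kylin | 4.0.0:alpha |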