CVE-2020-13937
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-13937
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13937.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-13937
- Aliases
- Published
- 2020-10-19T21:15:12Z
- Modified
- 2024-09-03T03:15:21.493182Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
- References
Affected packages
Git / github.com/apache/kylin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/kylin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
kylin-0.*
kylin-0.6.3
kylin-0.7.1-incubating
kylin-0.7.2-incubating
kylin-1.*
kylin-1.0-incubating
kylin-1.1-incubating
kylin-1.1.1-incubating
kylin-1.2
kylin-2.*
kylin-2.3.0
kylin-2.4.1
kylin-2.6.0
kylin-3.*
kylin-3.0.0
kylin-4.*
kylin-4.0.0-alpha
v0.*
v0.6.1
v0.6.1_mysql_auth
v0.6.2
v0.6.4
v0.6.5