CVE-2020-13937

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:4.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:kylin:2.6.5:*:*:*:*:*:*:*

Information

Published : 2020-10-19 14:15

Updated : 2020-10-29 15:25


NVD link : CVE-2020-13937

Mitre link : CVE-2020-13937


JSON object : View

CWE
CWE-922

Insecure Storage of Sensitive Information

Advertisement

dedicated server usa

Products Affected

apache

  • kylin