Vulnerability Description
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API that exposes Kylin's configuration information without any authentication. This is dangerous because some confidential configuration entries are disclosed to everyone.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Kylin | 2.0.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/rc592e0dcee5a2615f1d9522af30ef1822c1f863d5e (Mailing List, Release Notes, Vendor Advisory)
FAQ
What is CVE-2020-13937?
CVE-2020-13937 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3...
How severe is CVE-2020-13937?
CVE-2020-13937 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13937?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Kylin.