QID 996989
Date Published: 2024-01-31
QID 996989: Java (Maven) Security Update for org.apache.kylin:kylin-core-common (GHSA-3vvc-v8c2-43r7)
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the containing credentials.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-3vvc-v8c2-43r7 for updates and patch information.
Vendor References
- GHSA-3vvc-v8c2-43r7 -
github.com/advisories/GHSA-3vvc-v8c2-43r7
CVEs related to QID 996989
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-3vvc-v8c2-43r7 | org.apache.kylin:kylin-core-common |
|