Apache Kylin - Exposed Configuration File CVE-2020-13937

Severity
CVSSv3 Score: 5.3
Vulnerability description

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, and 4.0.0-alpha have a REST API that exposes Kylin's configuration information without authentication.

Recommendation

Secure the configuration file by restricting access permissions and implementing proper access controls.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Oct 19, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available