CVE-2020-13937
Description
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
NVD
Severity: MEDIUM
CVE ID: CVE-2020-13937
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-13937
Refrence: Project Discovery GitHub
yaunsky
Apache Kylin API未授权访问漏洞;CVE-2020-13937;Apache Kylin漏洞
Refrence: GitHub
Al1ex
Apache Kylin API Unauthorized Access
Refrence: GitHub
kailing0220
Apache Kylin有一个restful api会在没有任何认证的情况下暴露配置信息
Refrence: GitHub