CVE-2020-13937

Published: 19/10/2020 Updated: 29/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one RESTful API that exposes Kylin's configuration information without any authentication, which is dangerous because some confidential configuration entries are disclosed to everyone.

Vulnerable Product

apache kylin 2.0.0

apache kylin 2.1.0

apache kylin 2.2.0

apache kylin 2.3.0

apache kylin 2.3.1

apache kylin 2.3.2

apache kylin 2.4.0

apache kylin 2.4.1

apache kylin 2.5.0

apache kylin 2.5.1

apache kylin 2.5.2

apache kylin 2.6.0

apache kylin 2.6.1

apache kylin 2.6.2

apache kylin 2.6.3

apache kylin 2.6.4

apache kylin 2.6.5

apache kylin 2.6.6

apache kylin 3.0.0

apache kylin 3.0.1

apache kylin 3.0.2

apache kylin 3.1.0

apache kylin 4.0.0

Mailing Lists

oss-sec mailing list archives: [SECURITY][CVE-2020-13937] Unauthenticated Configuration Disclosure ...

Github Repositories

Apache Kylin API Unauthorized Access

Description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential info

Apache Kylin API unauthorized access vulnerability; CVE-2020-13937; Apache Kylin vulnerability

Apache Kylin API unauthorized access vulnerability (CVE-2020-13937). Fofa: title="Kylin". Usage: help: python3 cve-2020-13937.py --help; single check: python3 cve-2020-13937.py -u 127.0.0.1; batch check: python3 cve-2020-13937.py -f target.txt

Apache Kylin has a RESTful API that exposes configuration information without any authentication

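CVE-2020-13937. 1. Vulnerability description: Apache Kylin has a RESTful API that exposes configuration information without any authentication. 2. Reproduction: comparison with the vulnerability present; comparison without the vulnerability. Writing the PoC: verify a correct single URL: pocsuite -r CVE-2022-26134.py -u url; verify an incorrect single URL: pocsuite -r CVE-2022-26134.py -u url; batch scan: pocsuite -r CVE-2022-26134.py -u url.txt. 3. Script code: from c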