PT-2020-13789 · Apache · Apache Kylin

Published: 2020-10-19 · Updated: 2022-02-10 · CVE-2020-13937

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Kylin versions 2.0.0 through 4.0.0-alpha

Description
The issue allows unauthorized access to Kylin's configuration information through a REST API endpoint without requiring any authentication. This poses a significant risk, as it can lead to the disclosure of confidential configuration entries to unauthorized parties.

Recommendations
For Apache Kylin versions 2.0.0 through 4.0.0-alpha, consider restricting access to the REST API endpoint that exposes configuration information until a patch is available. As a temporary workaround, disabling the API endpoint or placing it behind an authentication mechanism can help minimize the risk of exploitation.


Weakness Enumeration
Insecure Storage of Sensitive Information

Related Identifiers

CVE-2020-13937
GHSA-2HPG-VWQJ-6H6W

Affected Products

Apache Kylin