PT-2022-12363 · Apache · Apache Kylin

Alvaro Munoz

Published

2022-01-06

Updated

2022-07-12

CVE-2021-45457

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 2.6.6 and prior Apache Kylin versions 3.1.2 and prior Apache Kylin versions 4.0.0 and prior

Description The issue allows cross-origin requests with credentials to be sent from any origin. This could potentially lead to unauthorized access to sensitive data.

Recommendations For Apache Kylin versions 2.6.6 and prior, update to a version later than 2.6.6 to resolve the issue. For Apache Kylin versions 3.1.2 and prior, update to a version later than 3.1.2 to resolve the issue. For Apache Kylin versions 4.0.0 and prior, update to a version later than 4.0.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to prevent unauthorized access.

Fix

Insufficiently Protected Credentials

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-863

Related Identifiers

CVE-2021-45457

GHSA-MGPF-HHGF-CXG4

Affected Products

Apache Kylin

PT-2022-12363 · Apache · Apache Kylin

CVE-2021-45457

Weakness Enumeration

Related Identifiers

Affected Products

References · 10