CVE-2024-48944

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 5.0.0 through 5.0.1

Description A Server-Side Request Forgery (SSRF) issue affects Apache Kylin, allowing an attacker with admin access to a kylin server to forge a request to invoke the "/kylin/api/xxx/diag" API endpoint on another internal host, potentially leaking information. This requires two preconditions: the attacker must have admin access to a kylin server, and another internal host must have the "/kylin/api/xxx/diag" API endpoint open for service.

Recommendations For Apache Kylin versions 5.0.0 through 5.0.1, upgrade to version 5.0.2 to fix the issue. As a temporary workaround, consider restricting access to the "/kylin/api/xxx/diag" API endpoint to minimize the risk of exploitation.