Severity Rating: HIGH
Software Affected
Apache Kylin: 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2,
2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 3.0.0, 3.0.0-alpha, 3.0.0-alpha2,
3.0.0-beta
Overview
A vulnerability has been reported in Apache Kylin which could allow an
attacker to execute malicious database queries on the targeted system.
Description
This vulnerability exists in Apache Kylin due to improper validation of input
by the affected RESTful API. A remote unauthenticated attacker
could exploit this vulnerability by passing specially crafted data to the
application to execute arbitrary OS commands on the targeted system.
Successful exploitation of this vulnerability may result in complete
compromise of the vulnerable system.
Solution
Upgrade to 3.0.1 or 2.6.5 as mentioned in Kylin Apache Bulletin:
Vendor Information
Kylin Apache
References
Cyber Security Help
CVE Name
CVE-2020-1956