Insecure Storage of Sensitive Information
CVE-2020-13937
Summary
Apache Kylin versions 2.x, 3.x up to 3.1.0, and versions 4.x up to 4.0.0-beta has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-922 - Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors.
Advisory Timeline
- Published