漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Access Control to Streaming Coordinator & SSRF
Vulnerability Description
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Apache Kylin 代码问题漏洞
Vulnerability Description
Apache Kylin是美国阿帕奇(Apache)基金会的一款开源的分布式分析型数据仓库。该产品主要提供Hadoop/Spark之上的SQL查询接口及多维分析(OLAP)等功能。 Apache kylin 存在代码问题漏洞,该漏洞源于所有请求映射的StreamingCoordinatorController.java‘处理’麒麟api流协调员*’REST api端点不包括任何安全检查,允许任意请求未经过身份验证的用户问题,如分配unassigning流数据集,创建修改和删除副本集,给麒麟协调员对于在HT
CVSS Information
N/A
Vulnerability Type
N/A