CVE-2023-29055 in Kylininfo

Summary

by MITRE • 01/29/2024

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the containing credentials.

To avoid this threat, users are recommended to 

* Always turn on HTTPS so that network payload is encrypted.

* Avoid putting credentials in kylin.properties, or at least not in plain text. * Use network firewalls to protect the serverside such that it is not accessible to external attackers.

* Upgrade to version Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/21/2025

The vulnerability described in CVE-2023-29055 represents a critical information disclosure flaw within Apache Kylin versions 2.0.0 through 4.0.3. This vulnerability manifests through the Server Config web interface which inadvertently exposes the contents of the kylin.properties configuration file to unauthorized parties. The kylin.properties file typically contains sensitive server-side credentials and configuration parameters that are essential for system operation but should remain protected from unauthorized access. The flaw becomes particularly dangerous when the Kylin service operates over unencrypted HTTP protocols, creating an attack surface where network traffic can be intercepted and analyzed by malicious actors.

The technical implementation of this vulnerability stems from inadequate input validation and output filtering within the web interface components of Apache Kylin. When users access the Server Config interface, the system does not properly sanitize or filter the sensitive information contained within the kylin.properties file before displaying it to authenticated users. This design flaw creates a direct pathway for credential exposure, as the interface presents the raw file contents without any mechanism to redact or mask sensitive parameters. The vulnerability is classified under CWE-200 (Information Exposure) and aligns with ATT&CK technique T1552.001 (Credentials in Files) as it exposes stored credentials through improper access controls and output handling mechanisms.

The operational impact of this vulnerability extends beyond simple credential exposure to encompass potential system compromise and data breach scenarios. Network sniffers can easily capture HTTP payloads during transmission, allowing attackers to extract authentication tokens, database connection strings, and other sensitive configuration data. This exposure enables attackers to escalate their privileges within the system and potentially gain access to underlying databases and other connected services. The vulnerability affects organizations that have not implemented proper encryption protocols or network segmentation measures, leaving them vulnerable to man-in-the-middle attacks and passive network monitoring.

Organizations affected by this vulnerability should implement multiple layers of mitigation strategies to address the exposure risk. The primary recommendation involves enabling HTTPS encryption for all Kylin service communications, which prevents network sniffers from accessing the transmitted data in plaintext format. Additionally, security best practices dictate that sensitive credentials should never be stored in plain text within configuration files, with organizations advised to implement proper credential management systems. Network firewalls should be configured to restrict access to the Server Config web interface to authorized personnel only, limiting the attack surface and preventing external exploitation attempts. The most comprehensive solution involves upgrading to Apache Kylin version 4.0.4 or later, which includes built-in filtering mechanisms that prevent sensitive content from being displayed through the Server Config interface, thereby addressing the root cause of the vulnerability through proper output sanitization and access control implementation.

Reservation

03/30/2023

Disclosure

01/29/2024

Moderation

accepted

CPE

ready

EPSS

0.01149

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!