CVE-2022-24697 - Vulnerability Details - OpenCVE

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.40328.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apache Subscribe	Kylin Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:apache:kylin::::::::
	cpe:2.3:a:apache:kylin::::::::
	cpe:2.3:a:apache:kylin::::::::

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-ppxx-m926-g569	Apache Kylin vulnerable to remote code execution

Fixes

Solution

No solution given by the vendor.

Workaround

Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 .

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/12/30/1
https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.55949}`	epss `{'score': 0.55401}`

Fri, 16 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-10-13T00:00:00.000Z

Updated: 2025-05-16T13:42:57.582Z

Reserved: 2022-02-09T00:00:00.000Z

Link: CVE-2022-24697

Vulnrichment

Updated: 2024-08-03T04:20:49.956Z

NVD

Status : Modified

Published: 2022-10-13T13:15:09.900

Modified: 2025-05-16T14:15:27.127

Link: CVE-2022-24697

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-24697", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2025-05-16T13:42:57.582Z", "dateReserved": "2022-02-09T00:00:00.000Z", "datePublished": "2022-10-13T00:00:00.000Z"}, "containers": {"cna": {"title": "Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters", "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-30T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier."}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Kylin", "versions": [{"version": "Apache Kylin 2", "status": "affected", "lessThan": "2.6.6", "versionType": "custom"}, {"version": "Apache Kylin 3", "status": "affected", "lessThanOrEqual": "3.1.2", "versionType": "custom"}, {"version": "Apache Kylin 4", "status": "affected", "lessThanOrEqual": "4.0.1", "versionType": "custom"}]}], "references": [{"url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}, {"name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}], "credits": [{"lang": "en", "value": "Kylin Team would like to thanks Kai Zhao of ToTU Secruity Team."}], "metrics": [{"other": {"type": "unknown", "content": {"other": "important"}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Command injection"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 ."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:49.956Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T13:42:40.294419Z", "id": "CVE-2022-24697", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T13:42:57.582Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/12/30/1", "name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:49.956Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-24697", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-16T13:42:40.294419Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T13:42:53.284Z"}}], "cna": {"title": "Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Kylin Team would like to thanks Kai Zhao of ToTU Secruity Team."}], "metrics": [{"other": {"type": "unknown", "content": {"other": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Kylin", "versions": [{"status": "affected", "version": "Apache Kylin 2", "lessThan": "2.6.6", "versionType": "custom"}, {"status": "affected", "version": "Apache Kylin 3", "versionType": "custom", "lessThanOrEqual": "3.1.2"}, {"status": "affected", "version": "Apache Kylin 4", "versionType": "custom", "lessThanOrEqual": "4.0.1"}]}], "references": [{"url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}, {"url": "http://www.openwall.com/lists/oss-security/2022/12/30/1", "name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration", "tags": ["mailing-list"]}], "workarounds": [{"lang": "en", "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 ."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Command injection"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-30T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-24697", "state": "PUBLISHED", "dateUpdated": "2025-05-16T13:42:57.582Z", "dateReserved": "2022-02-09T00:00:00.000Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-10-13T00:00:00.000Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6B74CB6-F87D-4447-B14C-A670119EE2CB", "versionEndExcluding": "2.6.6", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E3780DD-1577-4A26-91B0-7A8687D257CD", "versionEndIncluding": "3.1.2", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "122C33FB-877C-4C73-8298-15B500FBB1DA", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier."}, {"lang": "es", "value": "La funci\u00f3n cube designer de Kylin presenta una vulnerabilidad de inyecci\u00f3n de comandos cuando son sobrescritos los par\u00e1metros del sistema en el men\u00fa de sobreescritura de la configuraci\u00f3n. Un RCE puede ser implementado cerrando las comillas simples alrededor del valor del par\u00e1metro \"conf\" para inyectar cualquier comando del sistema operativo en los par\u00e1metros de la l\u00ednea de comandos. Esta vulnerabilidad afecta a Kylin 2 versiones 2.6.5 y anteriores, Kylin 3 versiones 3.1.2 y anteriores, y Kylin 4 versiones 4.0.1 y anteriores"}], "id": "CVE-2022-24697", "lastModified": "2025-05-16T14:15:27.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-10-13T13:15:09.900", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}