OpenCVE

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Kylin

Configuration 1 [-]

OR	cpe:2.3:a:apache:kylin::::::::
	cpe:2.3:a:apache:kylin::::::::
	cpe:2.3:a:apache:kylin::::::::

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/12/30/1
https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-10-13T00:00:00

Updated: 2024-08-03T04:20:49.956Z

Reserved: 2022-02-09T00:00:00

Link: CVE-2022-24697

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-13T13:15:09.900

Modified: 2024-11-21T06:50:54.173

Link: CVE-2022-24697

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-24697", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2024-08-03T04:20:49.956Z", "dateReserved": "2022-02-09T00:00:00", "datePublished": "2022-10-13T00:00:00"}, "containers": {"cna": {"title": "Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters", "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier."}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Kylin", "versions": [{"version": "Apache Kylin 2", "status": "affected", "lessThan": "2.6.6", "versionType": "custom"}, {"version": "Apache Kylin 3", "status": "affected", "lessThanOrEqual": "3.1.2", "versionType": "custom"}, {"version": "Apache Kylin 4", "status": "affected", "lessThanOrEqual": "4.0.1", "versionType": "custom"}]}], "references": [{"url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}, {"name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}], "credits": [{"lang": "en", "value": "Kylin Team would like to thanks Kai Zhao of ToTU Secruity Team."}], "metrics": [{"other": {"type": "unknown", "content": {"other": "important"}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Command injection"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 ."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:49.956Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6B74CB6-F87D-4447-B14C-A670119EE2CB", "versionEndExcluding": "2.6.6", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E3780DD-1577-4A26-91B0-7A8687D257CD", "versionEndIncluding": "3.1.2", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "122C33FB-877C-4C73-8298-15B500FBB1DA", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier."}, {"lang": "es", "value": "La funci\u00f3n cube designer de Kylin presenta una vulnerabilidad de inyecci\u00f3n de comandos cuando son sobrescritos los par\u00e1metros del sistema en el men\u00fa de sobreescritura de la configuraci\u00f3n. Un RCE puede ser implementado cerrando las comillas simples alrededor del valor del par\u00e1metro \"conf\" para inyectar cualquier comando del sistema operativo en los par\u00e1metros de la l\u00ednea de comandos. Esta vulnerabilidad afecta a Kylin 2 versiones 2.6.5 y anteriores, Kylin 3 versiones 3.1.2 y anteriores, y Kylin 4 versiones 4.0.1 y anteriores"}], "id": "CVE-2022-24697", "lastModified": "2024-11-21T06:50:54.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-13T13:15:09.900", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}