CVE-2022-43396 - Vulnerability Details - OpenCVE

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00257.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apache	Kylin

Configuration 1 [-]

cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-7613	In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.
Github GHSA	GHSA-f5q9-j9r2-34gq	Apache Kylin vulnerable to Command injection by Useless configuration

Fixes

Solution

No solution given by the vendor.

Workaround

Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011

References

Link	Providers
https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r

History

Fri, 11 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-184
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-12-30T10:30:45.627Z

Updated: 2025-04-11T14:49:56.691Z

Reserved: 2022-10-18T08:30:30.500Z

Link: CVE-2022-43396

Vulnrichment

Updated: 2024-08-03T13:32:59.631Z

NVD

Status : Modified

Published: 2022-12-30T11:15:10.407

Modified: 2025-04-11T15:15:39.980

Link: CVE-2022-43396

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43396", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-10-18T08:30:30.500Z", "datePublished": "2022-12-30T10:30:45.627Z", "dateUpdated": "2025-04-11T14:49:56.691Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Kylin", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "4.0.2", "status": "affected", "version": "Apache Kylin 4", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yasax1 Li <pp1ove.lit@gmail.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf."}], "value": "In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the\u00a0kylin.engine.spark-cmd\u00a0parameter of conf."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"description": "Command injection", "lang": "en"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-30T10:30:45.627Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Kylin: Command injection by Useless configuration", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/kylin/pull/2011\">https://github.com/apache/kylin/pull/2011</a><br>"}], "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch\u00a0 https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011 \n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.631Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-184", "lang": "en", "description": "CWE-184 Incomplete List of Disallowed Inputs"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T14:49:21.801478Z", "id": "CVE-2022-43396", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T14:49:56.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.631Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-43396", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-11T14:49:21.801478Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-184", "description": "CWE-184 Incomplete List of Disallowed Inputs"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T14:49:50.699Z"}}], "cna": {"title": "Apache Kylin: Command injection by Useless configuration", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yasax1 Li <pp1ove.lit@gmail.com>"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Kylin", "versions": [{"status": "affected", "version": "Apache Kylin 4", "versionType": "semver", "lessThanOrEqual": "4.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch\u00a0 https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011 \n", "supportingMedia": [{"type": "text/html", "value": "Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/kylin/pull/2011\">https://github.com/apache/kylin/pull/2011</a><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the\u00a0kylin.engine.spark-cmd\u00a0parameter of conf.", "supportingMedia": [{"type": "text/html", "value": "In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Command injection"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-30T10:30:45.627Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43396", "state": "PUBLISHED", "dateUpdated": "2025-04-11T14:49:56.691Z", "dateReserved": "2022-10-18T08:30:30.500Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-12-30T10:30:45.627Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "38C7BDC8-7B69-46E3-9EC5-5476445C5718", "versionEndExcluding": "4.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the\u00a0kylin.engine.spark-cmd\u00a0parameter of conf."}, {"lang": "es", "value": "En la soluci\u00f3n para CVE-2022-24697, se utiliza una lista negra para filtrar los comandos de entrada del usuario. Pero existe el riesgo de ser ignorado. El usuario puede controlar el comando controlando el par\u00e1metro kylin.engine.spark-cmd de conf."}], "id": "CVE-2022-43396", "lastModified": "2025-04-11T15:15:39.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-30T11:15:10.407", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/ob2ks04zl5ms0r44cd74y1xdl1rzfd1r"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-184"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}