Session Fixation vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 2.0.0 through 4.x.

Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00114}

epss

{'score': 0.00297}


Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 05 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache Software Foundation
Apache Software Foundation apache Kylin
CPEs cpe:2.3:a:apache_software_foundation:apache_kylin:*:*:*:*:*:*:*:*
Vendors & Products Apache Software Foundation
Apache Software Foundation apache Kylin
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 Nov 2024 09:30:00 +0000

Type Values Removed Values Added
Description Session Fixation vulnerability in Apache Kylin. This issue affects Apache Kylin: from 2.0.0 through 4.x. Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.
Title Apache Kylin: Session fixation in web interface
Weaknesses CWE-384
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-11-05T14:50:24.558Z

Reserved: 2024-01-18T10:47:26.405Z

Link: CVE-2024-23590

cve-icon Vulnrichment

Updated: 2024-11-04T10:03:14.888Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-04T10:15:04.990

Modified: 2025-07-10T21:41:27.290

Link: CVE-2024-23590

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.