Platform
java
Component
org.apache.kylin:kylin-common-server
Fixed in
5.0.2
CVE-2024-48944 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Apache Kylin. This vulnerability allows an authenticated attacker to potentially leak information by forging requests to internal hosts. The issue affects Apache Kylin versions 5.0.0 and prior, and a fix is available in version 5.0.2.
The primary impact of this SSRF vulnerability lies in the potential for information disclosure. An attacker, possessing administrative privileges within the Kylin environment, can leverage the /kylin/api/xxx/diag endpoint to craft malicious requests targeting other internal services. If these internal services expose sensitive data or functionalities, the attacker could potentially gain unauthorized access to that information. The blast radius is limited to the internal network accessible from the Kylin server, but the consequences could be significant depending on the sensitivity of the targeted internal resources. This vulnerability shares similarities with other SSRF exploits where attackers leverage internal network access to probe and potentially compromise other systems.
CVE-2024-48944 was publicly disclosed on March 27, 2025. The CVSS score is LOW (2.5), indicating a relatively low probability of exploitation. No public proof-of-concept (PoC) code has been released as of the disclosure date. It is not currently listed on the CISA KEV catalog. Active exploitation campaigns are not currently known.
Organizations running Apache Kylin versions 5.0.0 and prior, particularly those with internal services accessible from the Kylin server, are at risk. Shared hosting environments where multiple users share a Kylin instance are also vulnerable, as an attacker could potentially exploit the vulnerability through a compromised user account.
• java / server: Monitor Kylin server logs for unusual outbound requests, particularly those targeting internal hosts or the /kylin/api/xxx/diag endpoint. Use network monitoring tools to detect suspicious connections originating from the Kylin server.
  grep -i '/kylin/api/xxx/diag' /var/log/kylin/kylin.log
• java / supply-chain: Examine dependencies for known vulnerabilities that could be chained with this SSRF vulnerability.
• generic web: Check for exposed internal services reachable from the Kylin server using tools like nmap or curl to identify potential targets for SSRF attacks.
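The grep above only lists calls to the diag endpoint; the script below goes one step further and flags only those whose parameters name an internal host. It is an added example, not code from this page or from the Apache Kylin project, and it assumes a common-log-style access line and host=/url= parameter names, neither of which is documented here.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Common-log-style line: client, ident, user, [timestamp], "request", status.
# Kylin's real access-log layout and the host=/url= parameter names are assumptions.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not real Kylin output.
SAMPLE_LOG = """\
10.1.2.3 - ADMIN [27/Mar/2025:10:15:01 +0000] "GET /kylin/api/xxx/diag?host=10.0.0.5:8080 HTTP/1.1" 200
10.1.2.3 - ADMIN [27/Mar/2025:10:15:07 +0000] "GET /kylin/api/xxx/diag?url=http://localhost:7070/ HTTP/1.1" 200
10.1.2.4 - ANALYST [27/Mar/2025:10:16:30 +0000] "GET /kylin/api/xxx/diag?host=kylin.example.com HTTP/1.1" 200
10.1.2.5 - ADMIN [27/Mar/2025:10:17:00 +0000] "GET /kylin/api/projects HTTP/1.1" 200
"""

def host_from_value(value):
    """Host named by a URL or host:port parameter value; otherwise the raw value."""
    if "://" in value:
        return urlsplit(value).hostname
    head, sep, tail = value.rpartition(":")
    return head if sep and tail.isdigit() else value

def is_internal_host(host):
    """True for localhost and for private, loopback or link-local IP literals."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # non-IP hostnames are not resolved here, so they are not flagged
    return ip.is_private or ip.is_loopback or ip.is_link_local

def scan(log_text):
    """Return (user, request target, internal hosts) for diag calls aimed at internal hosts."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "/diag" not in urlsplit(m["target"]).path:
            continue
        params = parse_qs(urlsplit(m["target"]).query)
        hosts = {host_from_value(v) for vals in params.values() for v in vals}
        internal = sorted(h for h in hosts if h and is_internal_host(h))
        if internal:
            findings.append((m["user"], m["target"], internal))
    return findings
```

Running scan(SAMPLE_LOG) reports the two ADMIN requests aimed at 10.0.0.5 and localhost and ignores the call to a public hostname and the non-diag request.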
disclosure
Exploit status
EPSS
0.14% (34th percentile)
The recommended mitigation for CVE-2024-48944 is to immediately upgrade Apache Kylin to version 5.0.2 or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict network access from the Kylin server to only necessary internal hosts. Implement strict firewall rules to block outbound traffic to unauthorized destinations. Monitor the /kylin/api/xxx/diag endpoint for suspicious activity. While a WAF might offer some protection, it is not a substitute for patching the underlying vulnerability. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability and verifying that the request is blocked.
Upgrade Apache Kylin to version 5.0.2 or later. This version fixes the SSRF vulnerability in the diagnostic API. The upgrade prevents attackers with administrative access to a Kylin server from forging requests to other internal hosts and obtaining sensitive information.
CVE-2024-48944 is a Server-Side Request Forgery vulnerability in Apache Kylin versions 5.0.0 and earlier, allowing attackers with admin access to potentially leak information by forging requests to internal hosts.
You are affected if you are running Apache Kylin versions 5.0.0 or earlier. Upgrade to 5.0.2 or later to mitigate the vulnerability.
Upgrade Apache Kylin to version 5.0.2 or later. As a temporary workaround, restrict network access to the Kylin server to prevent it from reaching internal resources.
There is no confirmed evidence of active exploitation at this time, but the vulnerability remains a potential risk.
Refer to the Apache Kylin security advisories on the Apache project website for the latest information and updates: https://kylin.apache.org/security/