Platform
java
Component
org.apache.kylin:kylin-common-server
Fixed in
5.0.2
CVE-2024-48944 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Apache Kylin. This vulnerability allows an authenticated attacker to potentially leak information by forging requests to internal hosts. The issue affects Apache Kylin versions 5.0.0 and prior, and a fix is available in version 5.0.2.
The SSRF vulnerability in Apache Kylin allows an attacker with administrative privileges to craft malicious requests. By exploiting this flaw, the attacker can make the Kylin server issue requests to internal services or hosts that are not directly reachable from outside. This can lead to information disclosure, since the /kylin/api/xxx/diag endpoint may return sensitive data fetched from those internal systems. The blast radius is limited to internal resources reachable from the Kylin server, but the impact can be significant if those resources hold sensitive data.
This vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a low probability of immediate widespread exploitation. The vulnerability was publicly disclosed on 2025-03-27. Given the requirement for administrative access, exploitation is likely to be targeted and require insider knowledge or compromised credentials.
Organizations running Apache Kylin versions 5.0.0 and prior, particularly those with internal services accessible from the Kylin server, are at risk. Shared hosting environments where multiple users share a Kylin instance are also vulnerable, as an attacker could potentially exploit the vulnerability through a compromised user account.
• java / server: Monitor Kylin server logs for unusual outbound requests, particularly those targeting internal hosts or the /kylin/api/xxx/diag endpoint. Use network monitoring tools to detect suspicious connections originating from the Kylin server.
  grep -i '/kylin/api/xxx/diag' /var/log/kylin/kylin.log
• java / supply-chain: Examine dependencies for known vulnerabilities that could be chained with this SSRF vulnerability.
• generic web: Check for exposed internal services reachable from the Kylin server using tools like nmap or curl to identify potential targets for SSRF attacks.
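As an added example for the log-monitoring step above (not code from this page or from the Apache Kylin project): a small Python scanner that goes one step past the grep and flags only those diag API calls whose parameters point at loopback, private or link-local addresses, keeping the calling user for follow-up. The log line layout, the host query parameter and the xxx path segment are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit
# Constructed sample log lines, not real Kylin output: the line layout, the
# "host" query parameter and the "xxx" path segment are assumptions.
SAMPLE_LOG = """\
2025-03-27 10:01:12 INFO  admin GET /kylin/api/xxx/diag?host=kylin-node1.example.com
2025-03-27 10:02:45 INFO  admin GET /kylin/api/xxx/diag?host=10.0.0.5:9200
2025-03-27 10:03:10 INFO  analyst GET /kylin/api/projects
2025-03-27 10:04:02 INFO  admin GET /kylin/api/xxx/diag?host=169.254.169.254
2025-03-27 10:05:30 INFO  admin POST /kylin/api/xxx/diag?host=http://localhost:8080/
"""
# date time level user method url (assumed layout, see above)
LINE_RE = re.compile(r"^\S+ \S+\s+\S+\s+(?P<user>\S+)\s+(?:GET|POST)\s+(?P<url>\S+)")

def target_host(value):
    """Host part of a bare host, host:port or full URL; None if none found."""
    candidate = value if "://" in value else "//" + value
    try:
        return urlsplit(candidate).hostname
    except ValueError:
        return None

def is_internal_host(host):
    """Loopback names and private/loopback/link-local/reserved IP literals.
    DNS names are not resolved here; an internal name would need a resolver
    or an allowlist check on top of this."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved

def find_internal_diag_requests(log_text):
    """One record per diag API call whose parameters name an internal host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if not (parts.path.startswith("/kylin/api/") and parts.path.endswith("/diag")):
            continue
        for name, values in parse_qs(parts.query).items():
            for value in values:
                host = target_host(value)
                if host and is_internal_host(host):
                    hits.append({"user": m.group("user"), "param": name, "host": host})
    return hits
```

Running find_internal_diag_requests over a real log file's contents would use the same functions; adjust LINE_RE to the deployment's actual access-log layout first.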
Exploit status
disclosure
EPSS
0.14% (34th percentile)
The primary mitigation for CVE-2024-48944 is to upgrade Apache Kylin to version 5.0.2 or later, which includes the fix for this vulnerability. If upgrading immediately is not feasible, consider restricting network access to the Kylin server to prevent it from reaching internal resources. Implement strict firewall rules to limit outbound connections from the Kylin server. Additionally, review and secure any internal services exposed through the /kylin/api/xxx/diag endpoint to minimize potential data leakage. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability and verifying that the request is blocked.
Upgrade Apache Kylin to version 5.0.2 or later. This version fixes the SSRF vulnerability in the diagnostics API. The upgrade prevents attackers with administrative access to a Kylin server from forging requests to other internal hosts and obtaining sensitive information.
CVE-2024-48944 is a Server-Side Request Forgery vulnerability in Apache Kylin versions 5.0.0 and earlier, allowing attackers with admin access to potentially leak information by forging requests to internal hosts.
You are affected if you are running Apache Kylin versions 5.0.0 or earlier. Upgrade to 5.0.2 or later to mitigate the vulnerability.
Upgrade Apache Kylin to version 5.0.2 or later. As a temporary workaround, restrict network access to the Kylin server to prevent it from reaching internal resources.
There is no confirmed evidence of active exploitation at this time, but the vulnerability remains a potential risk.
Refer to the Apache Kylin security advisories on the Apache project website for the latest information and updates: https://kylin.apache.org/security/