Insecure Encryption Affecting org.apache.kylin:kylin-core-common package, versions [,3.1.3) [4.0.0-alpha,4.0.1)


0.0
medium
  • Attack Complexity

    High

  • Privileges Required

    High

  • User Interaction

    Required

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHEKYLIN-2331003

  • published

    6 Jan 2022

  • disclosed

    6 Jan 2022

  • credit

    Alvaro Munoz

How to fix?

Upgrade org.apache.kylin:kylin-core-common to version 3.1.3, 4.0.1 or higher.

Overview

org.apache.kylin:kylin-core-common is a package part of Apache Kylin.

Affected versions of this package are vulnerable to Insecure Encryption. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted.