CVE-2022-24697 (GCVE-0-2022-24697)
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2025-05-16 13:42
Severity ?
CWE
  • Command injection
Summary
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2022/12/30/1Mailing List, Patch, Third Party Advisory
security@apache.orghttps://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2022/12/30/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4Mailing List, Patch, Vendor Advisory
Impacted products
Vendor Product Version
Apache Software Foundation Apache Kylin Version: Apache Kylin 2   < 2.6.6
Version: Apache Kylin 3   <
Version: Apache Kylin 4   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:49.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"
          },
          {
            "name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-24697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:42:40.294419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:42:57.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Kylin",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.6.6",
              "status": "affected",
              "version": "Apache Kylin 2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.1.2",
              "status": "affected",
              "version": "Apache Kylin 3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.0.1",
              "status": "affected",
              "version": "Apache Kylin 4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kylin Team would like to thanks Kai Zhao of ToTU Secruity Team."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kylin\u0027s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "important"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-30T00:00:00.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4"
        },
        {
          "name": "[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/12/30/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Users of Kylin 2.x \u0026 Kylin 3.x \u0026 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-24697",
    "datePublished": "2022-10-13T00:00:00.000Z",
    "dateReserved": "2022-02-09T00:00:00.000Z",
    "dateUpdated": "2025-05-16T13:42:57.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24697\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-10-13T13:15:09.900\",\"lastModified\":\"2025-05-16T14:15:27.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kylin\u0027s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \u201c-- conf=\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n cube designer de Kylin presenta una vulnerabilidad de inyecci\u00f3n de comandos cuando son sobrescritos los par\u00e1metros del sistema en el men\u00fa de sobreescritura de la configuraci\u00f3n. Un RCE puede ser implementado cerrando las comillas simples alrededor del valor del par\u00e1metro \\\"conf\\\" para inyectar cualquier comando del sistema operativo en los par\u00e1metros de la l\u00ednea de comandos. Esta vulnerabilidad afecta a Kylin 2 versiones 2.6.5 y anteriores, Kylin 3 versiones 3.1.2 y anteriores, y Kylin 4 versiones 4.0.1 y anteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.6.6\",\"matchCriteriaId\":\"C6B74CB6-F87D-4447-B14C-A670119EE2CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.1.2\",\"matchCriteriaId\":\"3E3780DD-1577-4A26-91B0-7A8687D257CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.1\",\"matchCriteriaId\":\"122C33FB-877C-4C73-8298-15B500FBB1DA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/12/30/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/12/30/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/30/1\", \"name\": \"[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:49.956Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24697\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T13:42:40.294419Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T13:42:53.284Z\"}}], \"cna\": {\"title\": \"Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Kylin Team would like to thanks Kai Zhao of ToTU Secruity Team.\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"other\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Kylin\", \"versions\": [{\"status\": \"affected\", \"version\": \"Apache Kylin 2\", \"lessThan\": \"2.6.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"Apache Kylin 3\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.1.2\"}, {\"status\": \"affected\", \"version\": \"Apache Kylin 4\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.0.1\"}]}], \"references\": [{\"url\": \"https://lists.apache.org/thread/07mnn9c7o314wrhrwjr10w9j5s82voj4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/30/1\", \"name\": \"[oss-security] 20221230 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration\", \"tags\": [\"mailing-list\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Users of Kylin 2.x \u0026 Kylin 3.x \u0026 4.x should upgrade to 4.0.2 or apply patch https://github.com/apache/kylin/pull/1811 .\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Kylin\u0027s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of \\u201c-- conf=\\u201d to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Command injection\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2022-12-30T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24697\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T13:42:57.582Z\", \"dateReserved\": \"2022-02-09T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2022-10-13T00:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.