CVE-2023-29055

7.5 HIGH

📋 TL;DR

Apache Kylin versions 2.0.0 to 4.0.3 expose server credentials through an unencrypted web interface that displays the kylin.properties file contents. Attackers can intercept network traffic to steal credentials when HTTP is used instead of HTTPS. This affects all Apache Kylin deployments using vulnerable versions with the Server Config interface accessible.

💻 Affected Systems

Products:
  • Apache Kylin
Versions: 2.0.0 to 4.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when Server Config web interface is accessible and HTTP is used instead of HTTPS.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative credentials, leading to complete system compromise, data theft, and potential lateral movement to connected systems.

🟠

Likely Case

Credential theft allowing unauthorized access to the Kylin instance and potentially connected databases or services.

🟢

If Mitigated

Limited to information disclosure without sensitive credentials present, or no impact with proper encryption and access controls.

🌐 Internet-Facing: HIGH - Internet-facing instances are highly vulnerable to network sniffing attacks.
🏢 Internal Only: MEDIUM - Internal networks still risk credential exposure to internal attackers or compromised systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to intercept unencrypted HTTP traffic; no authentication needed to access the vulnerable interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apache Kylin 4.0.4

Vendor Advisory: https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r

Restart Required: Yes

Instructions:

1. Download Apache Kylin 4.0.4 from official sources.
2. Back up the current installation and data.
3. Stop the Kylin service.
4. Replace the installation with the new version.
5. Restart the Kylin service.
6. Verify functionality.

🔧 Temporary Workarounds

Enable HTTPS

all

Configure Kylin to use HTTPS instead of HTTP to encrypt network traffic.

Configure SSL/TLS in kylin.properties: kylin.server.https-port=443
Set up SSL certificates and restart service

Remove credentials from kylin.properties

all

Move sensitive credentials to secure storage or encrypt them within the file.

Edit kylin.properties to remove or encrypt credential entries
Use environment variables or secure vault for credentials

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to Kylin servers
  • Deploy network monitoring and intrusion detection to alert on suspicious traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the Kylin version via the web interface or with: grep 'kylin.version' kylin.properties

Check Version:

grep 'kylin.version' /path/to/kylin.properties

Verify Fix Applied:

After upgrade, confirm version is 4.0.4+ and test that Server Config interface no longer displays sensitive content from kylin.properties
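The version grep above only tells you the version string; deciding whether the install is in the affected range, whether HTTPS is configured, and whether kylin.properties still carries plaintext credentials is the actual check. The script below is an added example (not Apache Kylin's own tooling) that does all three over a properties file. It assumes kylin.properties carries a `kylin.version` key (as the grep on this page does) and that `kylin.server.https-port` is the HTTPS setting named in the workaround; the sample file contents are constructed for the example.

```python
"""Assess a kylin.properties file against CVE-2023-29055.

Added example, not part of Apache Kylin. Assumptions: the file contains a
`kylin.version` key and `kylin.server.https-port` is the HTTPS setting.
"""
import re

AFFECTED_MIN = (2, 0, 0)   # affected range from the advisory: 2.0.0 .. 4.0.3
AFFECTED_MAX = (4, 0, 3)
FIXED = (4, 0, 4)

# Words that usually mark a secret in a key name or an inline value.
SECRET_WORDS = ("password", "passwd", "secret", "token")

# Constructed sample; not taken from a real deployment.
SAMPLE = """\
# constructed sample kylin.properties
kylin.version=4.0.3
kylin.server.mode=all
kylin.server.https-port=
kylin.metadata.url=kylin_metadata@jdbc,url=jdbc:mysql://db:3306/kylin,username=kylin,password=hunter2
"""


def parse_properties(text):
    """Parse Java .properties syntax: key=value or key: value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_version(value):
    """'4.0.3' or '4.0.3-SNAPSHOT' -> (4, 0, 3); None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", value or "")
    return tuple(int(x) for x in m.groups()) if m else None


def assess(text):
    """Return version status, HTTPS status and any plaintext-credential keys."""
    props = parse_properties(text)
    version = parse_version(props.get("kylin.version"))
    vulnerable_version = (
        version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX
    )
    https_configured = bool(props.get("kylin.server.https-port", "").strip())
    # A key is flagged if its name or its value carries a credential marker
    # (covers inline JDBC-style ",password=..." values as well as plain keys).
    plaintext = sorted(
        k for k, v in props.items()
        if v and any(w in k.lower() or w in v.lower() for w in SECRET_WORDS)
    )
    actions = []
    if vulnerable_version:
        actions.append("upgrade to Apache Kylin %d.%d.%d or later" % FIXED)
    if not https_configured:
        actions.append("enable HTTPS so the Server Config page is not readable on the wire")
    if plaintext:
        actions.append("move credentials out of kylin.properties (vault / environment)")
    return {
        "version": version,
        "vulnerable_version": vulnerable_version,
        "https_configured": https_configured,
        "plaintext_credential_keys": plaintext,
        "actions": actions,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE), indent=2, default=list))
```

Run it against a real file with `assess(open("/path/to/kylin.properties").read())`; an empty `actions` list means the version is outside the affected range, HTTPS is set, and nothing that looks like a credential remains in the file.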

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Server Config interface
  • Failed authentication attempts following credential exposure

Network Indicators:

  • Unencrypted HTTP traffic to Kylin servers on unusual ports
  • Suspicious outbound connections from Kylin servers

SIEM Query:

source="kylin.log" AND (uri="/kylin/api/admin/config" OR message="credentials")
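The SIEM query above matches the endpoint; the indicators listed before it (config reads over plaintext HTTP, unauthenticated reads, and later authentication failures from the same source) are what an analyst actually wants surfaced. The script below is an added example, not Apache Kylin's own logging or detection code, that applies those three rules to a handful of log lines. The `key=value` line format and the sample lines are constructed for the example; real kylin.log lines look different, so `parse_line` is the part to adapt.

```python
"""Surface CVE-2023-29055 indicators in constructed Kylin-style log lines.

Added example, not Apache Kylin code. The log format (timestamp, level,
then space-separated key=value fields) is constructed for this example.
"""
import re
from collections import Counter

CONFIG_URI = "/kylin/api/admin/config"   # endpoint named in the SIEM query above
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample log; 198.51.100.7 is a documentation-range address.
SAMPLE_LOG = """\
2024-01-10T10:00:01Z INFO method=GET uri=/kylin/api/admin/config scheme=http src=10.0.0.5 user=ADMIN status=200
2024-01-10T10:00:02Z INFO method=GET uri=/kylin/api/cubes scheme=http src=10.0.0.5 user=ADMIN status=200
2024-01-10T10:03:40Z INFO method=GET uri=/kylin/api/admin/config scheme=http src=198.51.100.7 user=- status=200
2024-01-10T10:03:41Z INFO method=GET uri=/kylin/api/admin/config scheme=http src=198.51.100.7 user=- status=200
2024-01-10T10:03:42Z INFO method=GET uri=/kylin/api/admin/config scheme=https src=10.0.0.9 user=ANALYST status=200
2024-01-10T10:09:00Z WARN method=POST uri=/kylin/api/user/authentication scheme=http src=198.51.100.7 user=- status=401
"""


def parse_line(line):
    """Split 'ts level k=v k=v ...' into a dict; None for lines that don't fit."""
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    ts, level, rest = parts
    ev = dict(FIELD.findall(rest))
    ev["ts"], ev["level"] = ts, level
    return ev


def analyse(log_text):
    """Return per-event findings plus a correlation of later auth failures."""
    findings = []                 # config reads that match an indicator
    auth_failures_after_read = [] # 401s from a source that already read the config
    reads_by_src = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        src = ev.get("src", "?")
        # Correlation: a failed login from a source that earlier read the config
        # is the "failed authentication following exposure" indicator.
        if ev.get("status") == "401" and src in reads_by_src:
            auth_failures_after_read.append(
                {"ts": ev["ts"], "src": src, "uri": ev.get("uri")}
            )
        if ev.get("uri") != CONFIG_URI:
            continue
        reads_by_src[src] += 1
        reasons = []
        if ev.get("scheme") == "http":
            reasons.append("config read over plaintext HTTP")
        if ev.get("user", "-") == "-":
            reasons.append("unauthenticated config read")
        if reasons:
            findings.append({"ts": ev["ts"], "src": src, "reasons": reasons})
    return {
        "findings": findings,
        "config_reads_by_src": dict(reads_by_src),
        "auth_failures_after_config_read": auth_failures_after_read,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_LOG), indent=2))
```

On the sample, the HTTPS read by an authenticated user produces no finding, the two anonymous plaintext reads from 198.51.100.7 produce two, and that source's later 401 is reported as a follow-up. Feeding it a real log means replacing `parse_line` with one that understands the deployment's actual line format.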
