9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-24697

GHSA ID

GHSA-ppxx-m926-g569

EPSS Score

0.97239%

CWE

CWE-77

Published

7/6/2023

Updated

8/8/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-24697

CVE-2022-24697: Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-24697

GHSA ID

GHSA-ppxx-m926-g569

EPSS Score

0.97239%

CWE

CWE-77

Published

7/6/2023

Updated

8/8/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.kylin:kylin-core-common	maven	< 4.0.2	4.0.2
org.apache.kylin:kylin-spark-project	maven	< 4.0.2	4.0.2
org.apache.kylin:kylin-server-base	maven	< 4.0.2	4.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability occurs during Spark command construction where user-supplied configuration parameters (--conf) are directly embedded into the command string. The advisory mentions command injection via breaking out of single quotes around '--conf' values, indicating improper neutralization during command string assembly. The affected packages (kylin-spark-project) and CWE-77 pattern both point to command-building functions in Spark job execution logic. The subsequent CVE-2022-43396 and its patch (PR #2011) confirm that the initial fix in PR #1811 was insufficient, reinforcing that the core vulnerability resides in how Spark commands are constructed with user input.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Kylin's *u** **si*n*r *un*tion **s * *omm*n* inj**tion vuln*r**ility w**n ov*rwritin* syst*m p*r*m*t*rs in t** *on*i*ur*tion ov*rwrit*s m*nu. R** **n ** impl*m*nt** *y *losin* t** sin*l* quot*tion m*rks *roun* t** p*r*m*t*r v*lu* o* “-- *on*=” to inj

Reasoning

T** vuln*r**ility o**urs *urin* Sp*rk *omm*n* *onstru*tion w**r* us*r-suppli** *on*i*ur*tion p*r*m*t*rs (--*on*) *r* *ir**tly *m****** into t** *omm*n* strin*. T** **visory m*ntions *omm*n* inj**tion vi* *r**kin* out o* sin*l* quot*s *roun* '--*on*'

9.8

Basic Information

Concerned about an active attack path?

CVE-2022-24697: Apache Kylin vulnerable to remote code execution

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI