This article provides details about CVE-2021-27738, also known as 'Improper Access Control to Streaming Coordinator & SSRF', affecting Apache Kylin.
Understanding CVE-2021-27738
CVE-2021-27738 is a security vulnerability that impacts Apache Kylin versions prior to 3.1.2, allowing unauthenticated users to issue arbitrary requests through the Kylin Coordinator.
What is CVE-2021-27738?
The vulnerability arises from missing security checks in specific request mappings, enabling unauthorized access to critical functions within Apache Kylin.
The Impact of CVE-2021-27738
This vulnerability permits unauthenticated users to carry out various actions, such as manipulating streaming cubes and replica sets, which can compromise the integrity of the Kylin Coordinator.
Technical Details of CVE-2021-27738
CVE-2021-27738 is classified under CWE-918, Server-Side Request Forgery (SSRF), and is rated as moderate severity.
Vulnerability Description
The issue arises from inadequate security measures in handling REST API endpoints, leading to unauthorized access and potential SSRF attacks.
Affected Systems and Versions
Apache Kylin 3 versions prior to 3.1.2 are vulnerable to this security flaw.
Exploitation Mechanism
Unauthenticated users can exploit this vulnerability to issue unauthorized requests to the Coordinator; because the affected endpoints accept targets supplied in HTTP message bodies, the server can be made to send requests on the caller's behalf, which is the SSRF component.
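The two controls the advisory says were missing on the coordinator endpoints, an authorization check before the operation runs and validation of any body-supplied URL before the server contacts it, can be shown side by side. The following is an added example written for this article, not Apache Kylin's code: the `ROLE_ADMIN` role name, the `node_url` body field and the approved-host set are assumptions standing in for whatever the real endpoints use.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set
from urllib.parse import urlparse

# Constructed illustration, not Apache Kylin code. It models the two controls
# whose absence the advisory describes: an authorization check before a
# coordinator operation runs, and validation of any URL carried in the request
# body before the server contacts it (the SSRF half, CWE-918).

REQUIRED_ROLE = "ROLE_ADMIN"   # assumption: the role name is illustrative


@dataclass
class Request:
    principal: Optional[str]                      # None models an unauthenticated caller
    roles: FrozenSet[str] = frozenset()
    body: Dict[str, str] = field(default_factory=dict)


class AccessDenied(Exception):
    pass


class UnsafeTarget(Exception):
    pass


def require_role(req: Request, role: str = REQUIRED_ROLE) -> None:
    """The missing access control: refuse anonymous and under-privileged callers."""
    if req.principal is None:
        raise AccessDenied("authentication required")
    if role not in req.roles:
        raise AccessDenied(f"{req.principal} lacks {role}")


def host_is_internal(host: str) -> bool:
    """True for literal addresses a server must never contact on a caller's behalf:
    loopback, RFC 1918, link-local (cloud metadata lives there), unspecified,
    multicast and reserved ranges."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: a production check would also resolve it and test the
        # resulting addresses, which this offline example deliberately skips.
        return False
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def validate_target(url: str, allowed_hosts: Set[str]) -> str:
    """Allow-list check for a body-supplied URL before any outbound request."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeTarget(f"scheme {parts.scheme!r} not permitted")
    host = parts.hostname
    if not host:
        raise UnsafeTarget("missing host")
    if host_is_internal(host):
        raise UnsafeTarget(f"{host} is an internal address")
    if host not in allowed_hosts:
        raise UnsafeTarget(f"{host} is not an approved streaming node")
    return url


def coordinator_action(req: Request, allowed_hosts: Set[str]) -> str:
    """Outcome of one guarded coordinator call: 'accepted', 'denied' or 'unsafe'.
    'node_url' is an invented body field standing in for whatever URL an
    endpoint accepts."""
    try:
        require_role(req)
        validate_target(req.body.get("node_url", ""), allowed_hosts)
    except AccessDenied:
        return "denied"
    except UnsafeTarget:
        return "unsafe"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample traffic.
    approved = {"streaming-node-1.example.test"}
    admin = Request("alice", frozenset({REQUIRED_ROLE}),
                    {"node_url": "http://streaming-node-1.example.test:7070/health"})
    anonymous = Request(None, body={"node_url": "http://169.254.169.254/"})
    loopback = Request("alice", frozenset({REQUIRED_ROLE}),
                       {"node_url": "http://127.0.0.1:7070/"})
    for label, r in [("admin", admin), ("anonymous", anonymous), ("loopback", loopback)]:
        print(f"{label:10s} -> {coordinator_action(r, approved)}")
```

The order of the checks matters: the role check runs first, so an anonymous caller is refused before the body is even parsed, and the URL allow-list only ever sees requests from a principal who is entitled to make them. Literal internal addresses are rejected outright; a hostname is accepted only if it is on the approved list, and a complete implementation would additionally resolve it and apply `host_is_internal` to every returned address.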
Mitigation and Prevention
To address CVE-2021-27738, users of Apache Kylin 3.x are advised to upgrade to version 3.1.3 or apply the provided patch.
Immediate Steps to Take
Update promptly to Apache Kylin 3.1.3 or apply the official patch to mitigate the risk of exploitation.
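Deciding which hosts in a fleet need that update comes down to the version statements above: 3.x releases before 3.1.2 are affected, and the advisory points 3.x users at 3.1.3 or the patch. The following is an added example, not an Apache Kylin tool; the host names and version strings in the inventory are constructed, and it treats any non-3.x version as outside this advisory's scope rather than as safe.

```python
import re
from typing import Dict, Tuple

# Constructed example, not an Apache Kylin tool. Turns the advisory's version
# statements into an inventory triage: 3.x releases before 3.1.2 are affected,
# and the advisory directs 3.x users to 3.1.3 (or the patch).

AFFECTED_MAJOR = 3
FIXED_IN = (3, 1, 2)
RECOMMENDED = (3, 1, 3)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Numeric triple from strings like '3.1.1', 'v3.0.2' or '3.1.1-hadoop3'.
    Comparing integers avoids the lexical trap where '3.10.0' sorts below '3.9.0'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version: str) -> str:
    """Verdict for one installed version, using only what the advisory states."""
    v = parse_version(version)
    if v[0] != AFFECTED_MAJOR:
        return "not covered by this advisory"
    if v < FIXED_IN:
        return "affected: upgrade to %s or apply the patch" % ".".join(map(str, RECOMMENDED))
    return "not affected"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> verdict; unparsable versions are flagged, never silently skipped."""
    verdicts = {}
    for host, version in inventory.items():
        try:
            verdicts[host] = assess(version)
        except ValueError as exc:
            verdicts[host] = f"unknown: {exc}"
    return verdicts


if __name__ == "__main__":
    # Constructed inventory; the hosts and versions are illustrative.
    fleet = {
        "kylin-a": "3.1.1-hadoop3",
        "kylin-b": "3.1.2",
        "kylin-c": "3.0.0",
        "kylin-d": "2.6.6",
        "kylin-e": "latest",
    }
    for host, verdict in triage(fleet).items():
        print(f"{host}: {verdict}")
```

A host whose version string cannot be parsed (a tag such as `latest`, or an empty field) is reported as unknown so that it is followed up rather than dropped from the list.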
Long-Term Security Practices
Enforce stringent access controls, perform regular security assessments, and stay informed about software updates and security advisories.
Patching and Updates
Regularly monitor Apache Kylin's official sources for patches, updates, and security best practices to prevent similar vulnerabilities in the future.