Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2024-16111
HistoryMar 26, 2024 - 12:00 a.m.

Apache Doris Security Bypass Vulnerability

2024-03-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
apache doris
security bypass
mpp
analytic database
chmod() function

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Apache Doris is a modern MPP analytic database product of the U.S. Apache (Apache) Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod() function, which can be exploited by an attacker to rename files from under user and modify the wrong files.

CPENameOperatorVersion
apache dorislt1.2.8
apache dorislt2.0.4

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CNVD-2024-16111