History: Mar 21, 2024 - 9:38 a.m.

CVE-2024-26307 Apache Doris: Possible race condition

2024-03-21 09:38:19
CWE-362
apache
www.cve.org
apache doris
race condition
vulnerability
chmod method
upgrade
cve-2024-26307

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

Possible race condition vulnerability in Apache Doris.
Some of the code uses the chmod() method. This method runs the risk of someone renaming the file out from under the user, so that chmod is applied to the wrong file.
This could theoretically happen, but the impact would be minimal.
This issue affects Apache Doris: before 1.2.8, before 2.0.4.

Users are recommended to upgrade to version 2.0.4, which fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Doris",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.2.8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.0.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
