Lucene search
K

113 matches found

CNVD
CNVD
added 2024/03/14 12:0 a.m.27 views

Apache Doris Information Disclosure Vulnerability (CNVD-2024-13570)

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...

9.8CVSS6.2AI score0.01014EPSS
Exploits0References1
OSV
OSV
added 2024/03/12 11:15 a.m.4 views

CVE-2023-41313

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

9.8CVSS5.8AI score0.01014EPSS
Exploits0References2
NVD
NVD
added 2024/03/12 11:15 a.m.19 views

CVE-2023-41313

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

9.8CVSS6.7AI score0.01014EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 11:15 a.m.41 views

Authentication flaw

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

7AI score0.01014EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/12 10:16 a.m.18 views

CVE-2023-41313 Apache Doris: Timing Attack weakness

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

7AI score0.01014EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/12 10:16 a.m.10 views

CVE-2023-41313 Apache Doris: Timing Attack weakness

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

9.7AI score0.01014EPSS
Exploits0References2
CVE
CVE
added 2024/03/12 10:16 a.m.63 views

CVE-2023-41313

CVE-2023-41313 — Apache Doris : The authentication method in Apache Doris versions before 2.0.0 is vulnerable to timing attacks. Upgrading fixes the issue, with recommended versions being 2.0.0+ or 1.2.8. This vulnerability is described across multiple sources in the connected documents, includin...

9.8CVSS9.6AI score0.01014EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.2 views

Apache Doris 安全漏洞

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...

9.8CVSS6.1AI score0.01014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/10 12:0 a.m.3 views

PT-2024-12938 · Apache · Apache Doris

Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.0.0 Apache Doris version 1.2.8 and earlier Description: The authentication method in Apache Doris was vulnerable to timing attacks. This issue allows attackers to potentially exploit the system. Users are...

9.8CVSS7.3AI score0.01014EPSS
Exploits0References8
Openbugbounty
Openbugbounty
added 2024/03/09 9:17 a.m.7 views

dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3868142

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
CNVD
CNVD
added 2023/12/20 12:0 a.m.7 views

Apache Doris Authorization Issues Vulnerability

Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an authorization issue vulnerability that stems from api /api/snapshot and /api/getlogfile allowing...

8.2CVSS7AI score0.00898EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/18 8:27 a.m.27 views

CVE-2023-41314 Apache Doris: Missing API authentication allowed DoS

The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...

8.5AI score0.00898EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/18 8:27 a.m.20 views

CVE-2023-41314 Apache Doris: Missing API authentication allowed DoS

The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...

7.2AI score0.00898EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2023/11/12 1:25 p.m.9 views

dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3777862

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/26 1:27 p.m.20 views

dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3551960

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/11/27 9:26 p.m.16 views

doris-metzger-immobilier.fr Cross Site Scripting vulnerability OBB-3075072

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
CNVD
CNVD
added 2022/04/28 12:0 a.m.17 views

Apache Doris Information Disclosure Vulnerability

Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...

7.5CVSS3.1AI score0.03137EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/04/27 12:0 a.m.11 views

Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS6.4AI score0.03137EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/04/27 12:0 a.m.5 views

GHSA-98J2-HFXP-8H8R Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS7.3AI score0.03137EPSS
Exploits0References6
OSV
OSV
added 2022/04/26 4:15 p.m.5 views

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS5.8AI score0.03137EPSS
Exploits0References3
Rows per page
Query Builder