113 matches found
Apache Doris Information Disclosure Vulnerability (CNVD-2024-13570)
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...
CVE-2023-41313
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
CVE-2023-41313
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
Authentication flaw
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
CVE-2023-41313 Apache Doris: Timing Attack weakness
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
CVE-2023-41313 Apache Doris: Timing Attack weakness
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
CVE-2023-41313
CVE-2023-41313 — Apache Doris : The authentication method in Apache Doris versions before 2.0.0 is vulnerable to timing attacks. Upgrading fixes the issue, with recommended versions being 2.0.0+ or 1.2.8. This vulnerability is described across multiple sources in the connected documents, includin...
Apache Doris 安全漏洞
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...
PT-2024-12938 · Apache · Apache Doris
Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.0.0 Apache Doris version 1.2.8 and earlier Description: The authentication method in Apache Doris was vulnerable to timing attacks. This issue allows attackers to potentially exploit the system. Users are...
dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3868142
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Apache Doris Authorization Issues Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an authorization issue vulnerability that stems from api /api/snapshot and /api/getlogfile allowing...
CVE-2023-41314 Apache Doris: Missing API authentication allowed DoS
The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...
CVE-2023-41314 Apache Doris: Missing API authentication allowed DoS
The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...
dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3777862
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3551960
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
doris-metzger-immobilier.fr Cross Site Scripting vulnerability OBB-3075072
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Apache Doris Information Disclosure Vulnerability
Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...
Apache Doris hardcoded key and IV
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...
GHSA-98J2-HFXP-8H8R Apache Doris hardcoded key and IV
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...
CVE-2022-23942
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...