4 matches found
CVE-2024-26307
CVE-2024-26307 describes a race condition in Apache Doris involving code that uses chmod(), which could allow a local attacker to rename a file under a user and chmod the wrong file. Affected versions are before 1.2.8 and before 2.0.4. Impact is described as minimal in the sources. The recommende...
CVE-2022-23942
CVE-2022-23942 affects Apache Doris versions prior to 1.0.0, where the LDAP password cipher uses a hardcoded key and IV, enabling information disclosure. The issue is exploitable over the network with low attack complexity and no authentication required, compromising confidentiality (per CVSS met...
CVE-2023-41313
CVE-2023-41313 — Apache Doris: The authentication method in Apache Doris versions before 2.0.0 is vulnerable to timing attacks. Upgrading fixes the issue, with recommended versions being 2.0.0+ or 1.2.8. This vulnerability is described across multiple sources in the connected documents, includin...
CVE-2023-41314
CVE-2023-41314 affects Apache Doris; the vulnerability arises from unauthenticated access to /api/snapshot and /api/get_log_file, potentially enabling DoS and retrieval of arbitrary files from FE nodes. Worldwide references indicate that the affected product is Doris and advise upgrading to version 2.0.3 ...