Doris
CVE-2024-27438
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (apache) · only source for this CVE.
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4.
Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.
AnalysisAI
Download of Code Without Integrity Check vulnerability in Apache Doris. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-494. Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. Affected products include: Apache Doris. Version information: through 2.0.4..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Missing authentication on Apache Doris Frontend (FE) HTTP REST administrative APIs allows any unauthenticated attacker w
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. Rated high severity (CVSS 8.2), this vul
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lea
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to Exter
Possible race condition vulnerability in Apache Doris. Rated medium severity (CVSS 5.3), this vulnerability is low attac
Same weakness CWE-494 – Download of Code Without Integrity Check
View allShare
External POC / Exploit Code
Leaving vuln.today