GHSA-qpcc-x57v-683v
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Unauthenticated network REST access to admin functions gives AV:N/AC:L/PR:N/UI:N; impact is integrity and availability (I:H/A:H) with no data disclosure (C:N).
Primary rating from Vendor (CNA).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
6Description PRE-NVD
Articles & Coverage 1
AnalysisAI
Missing authentication on Apache Doris Frontend (FE) HTTP REST administrative APIs allows any unauthenticated attacker with network reach to the FE HTTP service to invoke privileged administrative operations, degrading cluster integrity and availability up to full denial of service. All Apache Doris releases before 3.1.0 (per EUVD, the 2.1.0 through pre-3.1.0 line) are affected, and a fixed release exists in 3.1.0. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The concrete prerequisite is network reachability to the Apache Doris FE HTTP (REST) service on a version prior to 3.1.0; the vulnerable administrative REST endpoints served requests with no authentication, so no credentials, tokens, or user interaction are needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, 9.1 Critical) is internally consistent with the description: remote, low-complexity, no privileges, no user interaction, with high integrity and availability impact and explicitly no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the Doris FE HTTP service - for example an FE node exposed to the internet or reachable from a compromised host on the same network - sends crafted HTTP requests directly to the unauthenticated administrative REST endpoints. Because no credentials are required (AV:N/AC:L/PR:N), the attacker invokes privileged cluster operations that disrupt integrity and availability, driving the cluster into instability or denial of service. … |
| Remediation | Vendor-released patch: upgrade to Apache Doris 3.1.0 or later, which is the fixed release identified by the vendor and confirmed as patch-available in the intelligence data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all systems running Apache Doris versions 2.1.0 through pre-3.1.0 to identify affected infrastructure and assess network exposure of the HTTP REST administrative APIs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Download of Code Without Integrity Check vulnerability in Apache Doris. Rated critical severity (CVSS 9.8), this vulnera
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. Rated high severity (CVSS 8.2), this vul
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lea
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to Exter
Possible race condition vulnerability in Apache Doris. Rated medium severity (CVSS 5.3), this vulnerability is low attac
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43653