Doris
Monthly
Missing authentication on Apache Doris Frontend (FE) HTTP REST administrative APIs allows any unauthenticated attacker with network reach to the FE HTTP service to invoke privileged administrative operations, degrading cluster integrity and availability up to full denial of service. All Apache Doris releases before 3.1.0 (per EUVD, the 2.1.0 through pre-3.1.0 line) are affected, and a fixed release exists in 3.1.0. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the 9.1 Critical CVSS reflects the trivial unauthenticated network exploitability rather than confirmed in-the-wild use.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Download of Code Without Integrity Check vulnerability in Apache Doris. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Possible race condition vulnerability in Apache Doris. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing authentication on Apache Doris Frontend (FE) HTTP REST administrative APIs allows any unauthenticated attacker with network reach to the FE HTTP service to invoke privileged administrative operations, degrading cluster integrity and availability up to full denial of service. All Apache Doris releases before 3.1.0 (per EUVD, the 2.1.0 through pre-3.1.0 line) are affected, and a fixed release exists in 3.1.0. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the 9.1 Critical CVSS reflects the trivial unauthenticated network exploitability rather than confirmed in-the-wild use.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Download of Code Without Integrity Check vulnerability in Apache Doris. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Possible race condition vulnerability in Apache Doris. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.