oss-sec mailing list archives
CVE-2023-41314: Apache Doris: Missing API authentication allowed DoS
From: Mingyu Chen <morningman () apache org>
Date: Sat, 16 Dec 2023 16:01:55 +0000
Severity: important Affected versions: - Apache Doris 1.2.0 through 2.0.3 Description: The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. References: https://doris.apache.org https://www.cve.org/CVERecord?id=CVE-2023-41314
Current thread:
- CVE-2023-41314: Apache Doris: Missing API authentication allowed DoS Mingyu Chen (Dec 16)