CVE-2023-41314: Apache Doris: Missing API authentication allowed DoS

[Mingyu Chen <morningman () apache org>]

Severity: important

Affected versions:

- Apache Doris 1.2.0 through 2.0.3

Description:

The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.

References:

https://doris.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-41314