cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-48019,https://securityvulnerability.io/vulnerability/CVE-2024-48019,Path Traversal Vulnerability in Apache Doris,"A vulnerability in Apache Doris allows application administrators to read arbitrary files from the server filesystem due to improper limitations on pathname access. This path traversal issue could be exploited by malicious users to access sensitive information that should remain restricted. To mitigate this risk, it is essential for users to upgrade to version 2.1.8, 3.0.3, or later, which addresses this vulnerability.",Apache,Apache Doris,,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T18:19:52.467Z,0
CVE-2024-27438,https://securityvulnerability.io/vulnerability/CVE-2024-27438,Remote Command Execution Vulnerability in Apache Doris JDBC Driver,"Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for the JDBC catalog are not checked, which may result in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use an arbitrary driver jar file with an unchecked code snippet. This code snippet will be run when the catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. ",Apache,Apache Doris,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T09:39:21.894Z,0
CVE-2024-26307,https://securityvulnerability.io/vulnerability/CVE-2024-26307,Race Condition Vulnerability in Apache Doris Could Lead to Minimal Impact,"Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method. This method runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. ",Apache,Apache Doris,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-21T09:38:19.368Z,0
CVE-2023-41313,https://securityvulnerability.io/vulnerability/CVE-2023-41313,Timing Attacks Vulnerability in Apache Doris,"A vulnerability exists in the authentication method of Apache Doris, which is susceptible to timing attacks. This issue affects versions before 2.0.0 and poses a significant risk to data security by allowing attackers to exploit timing discrepancies during authentication processes. Users are strongly advised to upgrade to version 2.0.0 or 1.2.8 to mitigate the risk associated with this vulnerability.",Apache,Apache Doris,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-12T10:16:23.638Z,0
CVE-2023-41314,https://securityvulnerability.io/vulnerability/CVE-2023-41314,Apache Doris: Missing API authentication allowed DoS,"The Apache API has a vulnerability that allows unauthenticated access to critical endpoints, specifically /api/snapshot and /api/get_log_file. This access could lead to denial-of-service (DoS) attacks, as well as the potential for attackers to retrieve arbitrary files from the frontend node, compromising sensitive information. Users are strongly advised to upgrade to version 2.0.3 or later to mitigate these risks.",Apache,Apache Doris,8.2,HIGH,0.00267999991774559,false,,false,false,false,,,false,false,,2023-12-18T09:15:00.000Z,0
CVE-2022-23942,https://securityvulnerability.io/vulnerability/CVE-2022-23942,Apache Doris hardcoded cryptography initialization,"Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.",Apache,Apache Doris(incubating),7.5,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2022-04-26T16:05:10.000Z,0