Every CVE whose affected-product data names Apache Doris, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-41313 — CVSS 9.8 (critical): The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to…
CVE-2024-27438 — CVSS 9.8 (critical): Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may…
CVE-2023-41314 — CVSS 8.2 (high): The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE…
CVE-2022-23942 — CVSS 7.5 (high): Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information…
CVE-2024-48019 — CVSS 5.4 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties…
CVE-2024-26307 — CVSS 5.3 (medium): Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming…