CVE-2022-23942

CVE-2022-23942: Apache Doris hardcoded cryptography initialization

Vendor Apache Software Foundation
Product Apache Doris(Incubating)
Weakness CWE-798 · Hardcoded credentials
Published April 26, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

Key dates

Disclosure timeline

April 26, 2022 CVE published
August 3, 2024 Record updated