CVE-2023-41313

CVE-2023-41313: Apache Doris: Timing Attack weakness

Vendor Apache Software Foundation

Product Apache Doris

Weakness CWE-208

Published March 12, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

Key dates

Disclosure timeline

March 12, 2024 CVE published

February 13, 2025 Record updated