CVE-2023-41314

CVE-2023-41314: Apache Doris: Missing API authentication allowed DoS

Vendor Apache Software Foundation

Product Apache Doris

Weakness CWE-863 · Incorrect authorization

Published December 18, 2023

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues.

Key dates

Disclosure timeline

December 18, 2023 CVE published

November 20, 2024 Record updated