Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41314 | 1 Apache | 1 Doris | 2023-12-22 | N/A | 8.2 HIGH |
| The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | |||||
| CVE-2022-23942 | 1 Apache | 1 Doris | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. | |||||