Lucene search
ApacheCVE-2023-41313HistoryMar 12, 2024 - 11:15 a.m.
CVE-2023-41313
2024-03-1211:15:46
CWE-208
apache
web.nvd.nist.gov
32
apache doris
authentication
timing attacks
cve-2023-41313
security vulnerability
upgrade
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
9.0%
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks.
Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.
Affected configurations
Node
apachedorisRange≤1.2.8
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Doris",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.2.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
prion
prion
Authentication flaw
2024-03-12 11:15:00
vulnrichment
vulnrichment
CVE-2023-41313 Apache Doris: Timing Attack weakness
2024-03-12 10:16:23
cvelist
cvelist
CVE-2023-41313 Apache Doris: Timing Attack weakness
2024-03-12 10:16:23
nvd
nvd
CVE-2023-41313
2024-03-12 11:15:46
cnvd
cnvd
Apache Doris Information Disclosure Vulnerability (CNVD-2024-13570)
2024-03-14 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2023-41313