Lucene search

ApacheCVE-2023-41314

HistoryDec 18, 2023 - 9:15 a.m.

CVE-2023-41314

2023-12-1809:15:05

CWE-863

apache

web.nvd.nist.gov

cve-2023-41314

api

snapshot

get_log_file

unauthenticated access

dos attack

upgrade

nvd

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON

The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.

Affected configurations

Nvd

Vulners

Node

apachedorisRange<2.0.3

VendorProductVersionCPE
apachedoris*cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	doris	*	cpe:2.3:a:apache:doris::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Doris",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.0.3",
        "status": "affected",
        "version": "1.2.0",
        "versionType": "semver"
      }
    ]
  }
]

References

lists.apache.org/thread/tgvpvz3yw7zgodl1sb3sv3jbbz8t5zb4

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON

Related for CVE-2023-41314