Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 16 Dec 2023 16:01:55 +0000
From: Mingyu Chen <>
Subject: CVE-2023-41314: Apache Doris: Missing API authentication allowed

Severity: important

Affected versions:

- Apache Doris 1.2.0 through 2.0.3


The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.