Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <cbd6f2f4-b014-b722-2e1f-98f00bdc5379@apache.org>
Date: Thu, 21 Mar 2024 08:48:20 +0000
From: Mingyu Chen <morningman@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2024-26307: Apache Doris: Possible race condition 

Severity: low

Affected versions:

- Apache Doris before 1.2.8
- Apache Doris before 2.0.4

Description:

Possible race condition vulnerability in Apache Doris.
Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.
This could theoretically happen, but the impact would be minimal.
This issue affects Apache Doris: before 1.2.8, before 2.0.4.

Users are recommended to upgrade to version 2.0.4, which fixes the issue.

References:

https://doris.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-26307

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.