exploitDog

CVE-2022-23942

Опубликовано: 26 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

Ссылки

http://www.openwall.com/lists/oss-security/2022/04/26/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/26/3
Mailing List
Third Party Advisory
https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/26/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/26/3
Mailing List
Third Party Advisory
https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*

Версия до 1.0.0 (исключая)

EPSS

Процентиль: 80%

0.01383

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

CWE-798

Связанные уязвимости

CVE-2022-23942

CVSS3: 7.5

ubuntu

почти 4 года назад

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

GHSA-98j2-hfxp-8h8r

CVSS3: 7.5

github

почти 4 года назад

Apache Doris hardcoded key and IV

EPSS

Процентиль: 80%

0.01383

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

CWE-798