Описание
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues.
Ссылки
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.3 (исключая)
cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00384
Низкий
8.2 High
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 8.2
github
около 2 лет назад
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues.
EPSS
Процентиль: 59%
0.00384
Низкий
8.2 High
CVSS3
Дефекты
CWE-863