Описание
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.
Impact:
Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications.
Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).
Ссылки
- Mailing ListVendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.6.0 (исключая)
cpe:2.3:a:apache:doris_mcp_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
github
3 месяца назад
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
EPSS
Процентиль: 30%
0.00111
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo