CVE-2023-41314
Apache Doris: Missing API authentication allowed DoS
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
18 Dec 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.
Affected products
Apache Software Foundation · Apache DorisWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →