CVE-2022-23942
published 2022-04-26CVE-2022-23942: Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | doris | < 1.0.0 | 1.0.0 |
| apache_software_foundation | apache_doris | — | — |