CVE-2023-41313

CWE-2083 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 65.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Doris Apache Doris

Timeline

PublishedMar 12

Description

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDapache/doris< 1.2.8

▶CVEListV5apache_software_foundation/apache_doris< 1.2.8

🔴Vulnerability Details

GHSA

GHSA-6xww-rmpp-rhm3: The authentication method in Apache Doris versions before 2↗2024-03-12

▶

CVEList

Apache Doris: Timing Attack weakness↗2024-03-12

▶