CVE-2023-41314
published 2023-12-18CVE-2023-41314: The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade…
high8.2CVSS 3.1
AVNACLPRNUINSUCLINAH
The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | doris | < 2.0.3 | 2.0.3 |
| apache_software_foundation | apache_doris | 1.2.0 – 2.0.3 | — |