CVE-2024-26307Race Condition in Software Foundation Apache Doris

CWE-362Race Condition3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 91.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache DorisApache Doris
Timeline
PublishedMar 21

Description

Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDapache/doris2.0.02.0.4+1

🔴Vulnerability Details

2
CVEList
Apache Doris: Possible race condition2024-03-21
GHSA
GHSA-57pr-424c-2xfr: Possible race condition vulnerability in Apache Doris2024-03-21
CVE-2024-26307 — Race Condition | cvebase