CVE-2024-48019

CWE-22Path TraversalCWE-552Files Accessible to External Parties3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.7%
top 26.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache DorisApache Doris
Timeline
PublishedFeb 4

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDapache/doris2.1.02.1.8+1
CVEListV5apache_software_foundation/apache_doris2.1.02.1.8+1

🔴Vulnerability Details

2
CVEList
Apache Doris: allows admin users to read arbitrary files through the REST API2025-02-04
GHSA
GHSA-pvx5-5856-c68p: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in A2025-02-04
CVE-2024-48019 (MEDIUM CVSS 5.4) | Improper Limitation of a Pathname t | cvebase.io