CVE-2023-41314 – Apache Doris: Missing API authentication allowed DoS
https://notcve.org/view.php?id=CVE-2023-41314
18 Dec 2023 — The /api/snapshot and /api/get_log_file APIs would allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues. • https://lists.apache.org/thread/tgvpvz3yw7zgodl1sb3sv3jbbz8t5zb4 • CWE-863: Incorrect Authorization
CVE-2022-23942 – Apache Doris hardcoded cryptography initialization
https://notcve.org/view.php?id=CVE-2022-23942
26 Apr 2022 — Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure. • http://www.openwall.com/lists/oss-security/2022/04/26/2 • CWE-798: Use of Hard-coded Credentials