FE Node 2.0.3 Unauth /api/snapshot & /api/get_log_file (DoS/File)
CVE-2023-41314 Published on December 18, 2023
Apache Doris: Missing API authentication allowed DoS
The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2023-41314 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-41314
Want to know whenever a new CVE is published for Apache Doris? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Doris:- Version 1.2.0, <= 2.0.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.