Apache Doris JDBC Driver Unchecked Code Exec (pre-2.0.5/2.1.x)
CVE-2024-27438 Published on March 21, 2024
Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution
Download of Code Without Integrity Check vulnerability in Apache Doris.
The JDBC driver jar files used by a JDBC catalog are not checked, which may result in remote command execution.
Once an attacker is authorized to create a JDBC catalog, they can point it at an arbitrary driver jar containing unchecked code. That code runs when the catalog is initialized, without any check.
This issue affects Apache Doris: from 1.2.0 through 2.0.4.
Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.
Vulnerability Analysis
The automated score rates CVE-2024-27438 as exploitable with network access, with no privileges or user interaction required and low attack complexity, and with critical impact because a successful exploit has high impact on the confidentiality, integrity and availability of the component. Note the tension with the advisory text: the attack as described requires an account that is already authorized to create a JDBC catalog, so in practice the precondition is that catalog-creation privilege (or a way to obtain it); once it is held, the unchecked driver jar gives code execution on the Doris frontend that loads it.
Weakness Type
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
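The check that CWE-494 says is missing, as an added illustration that is not Apache Doris code and not the project's actual fix: a driver jar is only handed to the loader after its origin is confirmed against an allow-list and its SHA-256 matches a digest pinned when the catalog was configured. The "download" is a constructed in-memory zip, `ALLOWED_ORIGINS`, `verify_driver_jar` and `load_driver_unchecked` are hypothetical names, and the unchecked function mirrors the pre-fix behaviour only in that it accepts whatever bytes it is given.

```python
"""Integrity gate for a downloaded JDBC driver jar.

Added example, not code from Apache Doris. Every input is constructed
inline; nothing is fetched from the network.
"""
import hashlib
import hmac
import io
import zipfile

# Hypothetical allow-list of places a driver jar may come from.
ALLOWED_ORIGINS = ("https://artifacts.internal.example/drivers/",)


class UntrustedDriverError(Exception):
    """Raised when a driver jar fails the origin or integrity check."""


def build_fake_jar(driver_class: str, class_bytes: bytes = b"") -> bytes:
    """Build a minimal jar-like zip in memory (constructed test fixture).

    Fixed timestamps keep the bytes, and therefore the digest, stable.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in (
            ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
            (driver_class.replace(".", "/") + ".class", class_bytes),
        ):
            info = zipfile.ZipInfo(name, date_time=(2024, 3, 21, 0, 0, 0))
            zf.writestr(info, data)
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_driver_unchecked(url: str, jar_bytes: bytes) -> list:
    """Pre-fix shape of the logic: whatever the URL returned is loaded.

    Listing entries stands in for URLClassLoader + Class.forName, which
    is the point at which a driver's static initializer would execute.
    """
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return zf.namelist()


def verify_driver_jar(url: str, jar_bytes: bytes, expected_sha256: str) -> dict:
    """Return jar metadata only if origin and pinned digest both check out."""
    if not url.startswith(ALLOWED_ORIGINS):
        raise UntrustedDriverError(f"driver URL not in allow-list: {url}")
    actual = sha256_hex(jar_bytes)
    # Constant-time comparison; digest is pinned by the operator, not
    # served alongside the jar, so a compromised mirror cannot update it.
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UntrustedDriverError(
            f"sha256 mismatch: expected {expected_sha256}, got {actual}"
        )
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return {"sha256": actual, "entries": zf.namelist()}


def demo() -> dict:
    """Compare both paths on a pinned jar and on a swapped-in replacement."""
    good_url = "https://artifacts.internal.example/drivers/mysql.jar"
    evil_url = "https://attacker.example/mysql.jar"
    pinned_jar = build_fake_jar("com.mysql.cj.jdbc.Driver")
    pinned = sha256_hex(pinned_jar)
    # Same class name, different bytes: what an attacker-controlled URL serves.
    swapped_jar = build_fake_jar("com.mysql.cj.jdbc.Driver", b"\xca\xfe\xba\xbe")

    results = {"unchecked_accepts_swapped": bool(load_driver_unchecked(evil_url, swapped_jar))}
    results["checked_accepts_pinned"] = verify_driver_jar(good_url, pinned_jar, pinned)["sha256"] == pinned
    for label, url, jar in (
        ("checked_rejects_bad_origin", evil_url, pinned_jar),
        ("checked_rejects_swapped_bytes", good_url, swapped_jar),
    ):
        try:
            verify_driver_jar(url, jar, pinned)
            results[label] = False
        except UntrustedDriverError:
            results[label] = True
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The origin check alone is not enough: a compromised or spoofed host inside the allow-list still serves attacker bytes, which is why the pinned digest is the control that actually closes the weakness, and why it must be stored with the catalog definition rather than fetched from the same place as the jar.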
Products Associated with CVE-2024-27438
Affected Versions
Apache Software Foundation Apache Doris: versions 1.2.0 through 2.0.4 (inclusive) are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.