Timing Attacks Vulnerability in Apache Doris
CVE-2023-41313

Currently unrated

Key Information:

Vendor
Apache
Vendor
CVE Published:
12 March 2024

Summary

A vulnerability exists in the authentication method of Apache Doris, which is susceptible to timing attacks. This issue affects versions before 2.0.0 and poses a significant risk to data security by allowing attackers to exploit timing discrepancies during authentication processes. Users are strongly advised to upgrade to version 2.0.0 or 1.2.8 to mitigate the risk associated with this vulnerability.

Affected Version(s)

Apache Doris 0 < 1.2.8

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Cosentino from Apache Software Foundation
.