Race Condition Vulnerability in Apache Doris Could Lead to Minimal Impact
CVE-2024-26307

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Doris
Vendor: CVE Published:; 21 March 2024

Summary

Possible race condition vulnerability in Apache Doris. Some of code using chmod() method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4.

Users are recommended to upgrade to version 2.0.4, which fixes the issue.

Affected Version(s)

Apache Doris 0 < 1.2.8

Apache Doris 0 < 2.0.4

References

https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf3...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/03/21/2

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Feb 17, 2024