Race Condition Vulnerability in Apache Doris Could Lead to Minimal Impact
CVE-2024-26307

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Doris
Vendor: CVE Published:; 21 March 2024

Summary

Possible race condition vulnerability in Apache Doris. Some of code using chmod() method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4.

Users are recommended to upgrade to version 2.0.4, which fixes the issue.

Affected Version(s)

Apache Doris 0 < 1.2.8

Apache Doris 0 < 2.0.4

References

https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf3...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/03/21/2

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Feb 17, 2024