Vulnerability Details CVE-2022-23942
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2022/04/26/2
- http://www.openwall.com/lists/oss-security/2022/04/26/3
- https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
- http://www.openwall.com/lists/oss-security/2022/04/26/2
- http://www.openwall.com/lists/oss-security/2022/04/26/3
- https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
Products affected by CVE-2022-23942
-
cpe:2.3:a:apache:doris:-
-
cpe:2.3:a:apache:doris:0.10.0
-
cpe:2.3:a:apache:doris:0.11.0
-
cpe:2.3:a:apache:doris:0.12.0
-
cpe:2.3:a:apache:doris:0.13.0
-
cpe:2.3:a:apache:doris:0.14.0
-
cpe:2.3:a:apache:doris:0.15.0
-
cpe:2.3:a:apache:doris:0.9.0