Vulnerability Details CVE-2024-26307
Possible race condition vulnerability in Apache Doris.
Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.
This could theoretically happen, but the impact would be minimal.
This issue affects Apache Doris: before 1.2.8, before 2.0.4.
Users are recommended to upgrade to version 2.0.4, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-26307
-
cpe:2.3:a:apache:doris:-
-
cpe:2.3:a:apache:doris:0.10.0
-
cpe:2.3:a:apache:doris:0.11.0
-
cpe:2.3:a:apache:doris:0.12.0
-
cpe:2.3:a:apache:doris:0.13.0
-
cpe:2.3:a:apache:doris:0.14.0
-
cpe:2.3:a:apache:doris:0.15.0
-
cpe:2.3:a:apache:doris:0.9.0
-
cpe:2.3:a:apache:doris:1.0.0
-
cpe:2.3:a:apache:doris:1.2.0
-
cpe:2.3:a:apache:doris:2.0.0
-
cpe:2.3:a:apache:doris:2.0.3