The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.
History

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache doris
CPEs cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache doris
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Description The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue. The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-13T17:09:00.819Z

Reserved: 2023-08-28T15:45:59.249Z

Link: CVE-2023-41313

cve-icon Vulnrichment

Updated: 2024-08-02T18:54:05.087Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-12T11:15:46.470

Modified: 2025-02-13T17:17:06.707

Link: CVE-2023-41313

cve-icon Redhat

No data.