V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2024-26307
ANC
Medium

Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming th…

CVSS
5.3
Medium
EPSS
0.00
p12
Published
2024-01-01
Updated
2024-01-01
Description

Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.

Tags · CWE
CWE-362
CAPEC-26
CAPEC-29
Affected products
Doris < 1.2.8Doris 2.0.0–2.0.4
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: L
Low (L)
Integrity Impact
I: L
Low (L)
Availability Impact
A: L
Low (L)
Exploit indicators
EPSS
0.002 · p12
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
Tracked
doris*Tracked
Source databases
ANC
CVE
Related vulnerabilities