← Retour aux CVEs
CVE-2024-26307
MEDIUM5.3
Description
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.
Details CVE
Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie3/21/2024
Derniere modification6/17/2025
Sourcenvd
Observations honeypot0
Produits affectes
apache:doris
Faiblesses (CWE)
CWE-362
References
http://www.openwall.com/lists/oss-security/2024/03/21/2(security@apache.org)
https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl(security@apache.org)
http://www.openwall.com/lists/oss-security/2024/03/21/2(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.