Vulnerability Description
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Doris | < 1.2.8 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/21/2Mailing List
- https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4plMailing List
- http://www.openwall.com/lists/oss-security/2024/03/21/2Mailing List
- https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4plMailing List
FAQ
What is CVE-2024-26307?
CVE-2024-26307 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This...
How severe is CVE-2024-26307?
CVE-2024-26307 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-26307?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Doris.