{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26307", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-02-17T01:50:01.548Z", "datePublished": "2024-03-21T09:38:19.368Z", "dateUpdated": "2025-02-13T17:41:13.412Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Doris", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.2.8", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "2.0.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Possible race condition vulnerability in Apache Doris.<br>Some of code using `chmod()` method. This method <span style=\"background-color: rgb(255, 255, 255);\">run the risk of someone renaming the file out from under user and chmodding the wrong file.<br>This could theoretically happen, but the impact would be minimal.</span><br><p>This issue affects Apache Doris: before 1.2.8, before 2.0.4.</p><p>Users are recommended to upgrade to version 2.0.4, which fixes the issue.</p>"}], "value": "Possible race condition vulnerability in Apache Doris.\nSome of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.\nThis could theoretically happen, but the impact would be minimal.\nThis issue affects Apache Doris: before 1.2.8, before 2.0.4.\n\nUsers are recommended to upgrade to version 2.0.4, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362: Possible race condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-05-01T17:09:11.430Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/21/2"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Doris: Possible race condition", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26307", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T19:25:51.953543Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:doris:-:*:*:*:*:*:*:*"], "vendor": "apache", "product": "doris", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:28.523Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.425Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/21/2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/21/2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.425Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26307", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T19:25:51.953543Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:doris:-:*:*:*:*:*:*:*"], "vendor": "apache", "product": "doris", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T19:23:37.046Z"}}], "cna": {"title": "Apache Doris: Possible race condition", "source": {"discovery": "UNKNOWN"}, "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Doris", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.8", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "2.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/21/2"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Possible race condition vulnerability in Apache Doris.\nSome of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.\nThis could theoretically happen, but the impact would be minimal.\nThis issue affects Apache Doris: before 1.2.8, before 2.0.4.\n\nUsers are recommended to upgrade to version 2.0.4, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "Possible race condition vulnerability in Apache Doris.<br>Some of code using `chmod()` method. This method <span style=\"background-color: rgb(255, 255, 255);\">run the risk of someone renaming the file out from under user and chmodding the wrong file.<br>This could theoretically happen, but the impact would be minimal.</span><br><p>This issue affects Apache Doris: before 1.2.8, before 2.0.4.</p><p>Users are recommended to upgrade to version 2.0.4, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362: Possible race condition"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-05-01T17:09:11.430Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26307", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:41:13.412Z", "dateReserved": "2024-02-17T01:50:01.548Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-03-21T09:38:19.368Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B75564F-3C9C-452E-BD4C-6A9C706EE8B5", "versionEndExcluding": "1.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7296FBE-665A-464B-8A52-5ED73CEA5D6A", "versionEndExcluding": "2.0.4", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Possible race condition vulnerability in Apache Doris.\nSome of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.\nThis could theoretically happen, but the impact would be minimal.\nThis issue affects Apache Doris: before 1.2.8, before 2.0.4.\n\nUsers are recommended to upgrade to version 2.0.4, which fixes the issue."}, {"lang": "es", "value": "Posible vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en Apache Doris. Parte del c\u00f3digo que utiliza el m\u00e9todo `chmod()`. Este m\u00e9todo corre el riesgo de que alguien cambie el nombre del archivo por debajo del usuario y modifique el archivo incorrecto. En teor\u00eda, esto podr\u00eda suceder, pero el impacto ser\u00eda m\u00ednimo. Este problema afecta a Apache Doris: antes de 1.2.8, antes de 2.0.4. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.0.4, que soluciona el problema."}], "id": "CVE-2024-26307", "lastModified": "2025-06-17T13:50:12.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-21T10:15:07.527", "references": [{"source": "security@apache.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/03/21/2"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/03/21/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security@apache.org", "type": "Secondary"}]}

{}