Vulnerability-Lookup

CNVD-2025-05704

Vulnerability from cnvd - Published: 2025-03-25

Title

Apache Doris路径遍历漏洞

Description

Apache Doris是美国阿帕奇（Apache）基金会的一个现代MPP分析数据库产品。可以提供亚秒级查询和高效的实时数据分析。 Apache Doris存在路径遍历漏洞，该漏洞源于程序未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞读取服务器文件系统中的任意文件。

Severity

中

Patch Name

Apache Doris路径遍历漏洞的补丁

Patch Description

Apache Doris是美国阿帕奇（Apache）基金会的一个现代MPP分析数据库产品。可以提供亚秒级查询和高效的实时数据分析。 Apache Doris存在路径遍历漏洞，该漏洞源于程序未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞读取服务器文件系统中的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr

Reference

http://www.openwall.com/lists/oss-security/2025/02/04/2

Impacted products

Name
Apache Apache Doris

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-48019",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-48019"
    }
  },
  "description": "Apache Doris\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u73b0\u4ee3MPP\u5206\u6790\u6570\u636e\u5e93\u4ea7\u54c1\u3002\u53ef\u4ee5\u63d0\u4f9b\u4e9a\u79d2\u7ea7\u67e5\u8be2\u548c\u9ad8\u6548\u7684\u5b9e\u65f6\u6570\u636e\u5206\u6790\u3002\n\nApache Doris\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-05704",
  "openTime": "2025-03-25",
  "patchDescription": "Apache Doris\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u73b0\u4ee3MPP\u5206\u6790\u6570\u636e\u5e93\u4ea7\u54c1\u3002\u53ef\u4ee5\u63d0\u4f9b\u4e9a\u79d2\u7ea7\u67e5\u8be2\u548c\u9ad8\u6548\u7684\u5b9e\u65f6\u6570\u636e\u5206\u6790\u3002\r\n\r\nApache Doris\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Doris\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache Doris"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2025/02/04/2",
  "serverity": "\u4e2d",
  "submitTime": "2025-02-18",
  "title": "Apache Doris\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2024-48019 (GCVE-0-2024-48019)

Vulnerability from cvelistv5 – Published: 2025-02-04 18:19 – Updated: 2025-02-07 21:20

Title

Apache Doris: allows admin users to read arbitrary files through the REST API

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-552 - Files or Directories Accessible to External Parties

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/p70klgmyrgknhn0t1…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Doris	Affected: 2.1.0 , < 2.1.8 (semver) Affected: 3.0.0 , < 3.0.3 (semver)

Credits

Man Yue Mo of the GitHub Security Lab team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-04T19:02:30.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/04/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-48019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T21:18:39.608676Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-07T21:20:37.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Doris",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.1.8",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.3",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Man Yue Mo of the GitHub Security Lab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027), Files or Directories Accessible to External Parties vulnerability in Apache Doris.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApplication administrators can read arbitrary\nfiles from the server filesystem through path traversal.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027), Files or Directories Accessible to External Parties vulnerability in Apache Doris.\n\n\nApplication administrators can read arbitrary\nfiles from the server filesystem through path traversal.\n\n\nUsers are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T18:19:52.467Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Doris: allows admin users to read arbitrary files through the REST API",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-48019",
    "datePublished": "2025-02-04T18:19:52.467Z",
    "dateReserved": "2024-10-08T12:27:54.136Z",
    "dateUpdated": "2025-02-07T21:20:37.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-05704

CVE-2024-48019 (GCVE-0-2024-48019)

Tags

Sightings

Nomenclature