CVE-2022-23942
Published: Apr 26, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Doris(Incubating) | affected 0.15.0 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
x_refsource_MISC
[oss-security] 20220426 CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization
mailing-list
x_refsource_MLIST