定价企业版

CVE-2022-23942

7.5HIGH

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

发布于: 4/26/2022更新于: 11/21/2024

在NVD查看在MITRE查看

描述

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

AI分析AI驱动

受影响产品

apachedoris

参考资料

http://www.openwall.com/lists/oss-security/2022/04/26/2
Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/26/3
Mailing ListThird Party Advisory
https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/26/2
Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/26/3
Mailing ListThird Party Advisory
https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
Mailing ListVendor Advisory