CVE-2022-23942

Summary

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Doris(Incubating)0.15.0affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

Upgrade to 1.0.0 or higher will resolve this problem.

ADP Enrichment

CVE Program Container

Additional References

References