CVE-2024-26307

{"id": "CVE-2024-26307", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2024-03-21T10:15:07.527", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/03/21/2", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl", "source": "security@apache.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Possible race condition vulnerability in Apache Doris.\nSome of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.\nThis could theoretically happen, but the impact would be minimal.\nThis issue affects Apache Doris: before 1.2.8, before 2.0.4.\n\nUsers are recommended to upgrade to version 2.0.4, which fixes the issue.\n\n"}, {"lang": "es", "value": "Posible vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en Apache Doris. Parte del c\u00f3digo que utiliza el m\u00e9todo `chmod()`. Este m\u00e9todo corre el riesgo de que alguien cambie el nombre del archivo por debajo del usuario y modifique el archivo incorrecto. En teor\u00eda, esto podr\u00eda suceder, pero el impacto ser\u00eda m\u00ednimo. Este problema afecta a Apache Doris: antes de 1.2.8, antes de 2.0.4. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.0.4, que soluciona el problema."}], "lastModified": "2024-07-03T01:49:37.557", "sourceIdentifier": "security@apache.org"}