CVE-2023-41314

The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow aDoS attack or get arbitrary files from FE node.
Pleaseupgrade to 2.0.3 to fix these issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
apachedoris
𝑥
< 2.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/tgvpvz3yw7zgodl1sb3sv3jbbz8t5zb4
https://lists.apache.org/thread/tgvpvz3yw7zgodl1sb3sv3jbbz8t5zb4