CVE-2024-48019

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr	Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/02/04/2	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:doris::::::::
	cpe:2.3:a:apache:doris::::::::

History

No history.

Information

Published : 2025-02-04 19:15

Updated : 2025-06-09 19:49

NVD link : CVE-2024-48019

Mitre link : CVE-2024-48019

CVE.ORG link : CVE-2024-48019

JSON object : View

Products Affected

apache

doris

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2024-48019", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-02-04T19:15:31.733", "references": [{"url": "https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/04/2", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-552"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris.\n\n\nApplication administrators can read arbitrary\nfiles from the server filesystem through path traversal.\n\n\nUsers are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal'), archivos o directorios accesibles a terceros en Apache Doris. Los administradores de aplicaciones pueden leer archivos arbitrarios del sistema de archivos del servidor mediante el path traversal. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.8, 3.0.3 o posterior, que soluciona el problema."}], "lastModified": "2025-06-09T19:49:43.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F80E2297-7690-4751-9027-10D1A6B9964F", "versionEndExcluding": "2.1.8", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:apache:doris:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A690C58E-4B42-402D-B627-1E7D79E8AA83", "versionEndExcluding": "3.0.3", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}