High severityNVD Advisory· Published Apr 26, 2022· Updated Aug 3, 2024
Apache Doris hardcoded cryptography initialization
CVE-2022-23942
Description
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pydorisPyPI | < 1.0.0 | 1.0.0 |
Affected products
2- Apache Software Foundation/Apache Doris(Incubating)v5Range: 0.15.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-98j2-hfxp-8h8rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23942ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/04/26/2ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2022/04/26/3ghsamailing-listx_refsource_MLISTWEB
- github.com/pypa/advisory-database/tree/main/vulns/pydoris/PYSEC-2022-43150.yamlghsaWEB
- lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvtghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.