CVE-2024-48019

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 4, 2025

Updated: Feb 7, 2025

CWE ID 22

CWE ID 552

Summary

CVE-2024-48019 is a newly disclosed vulnerability affecting Apache Doris. This issue involves an improper limitation of a pathname, allowing external parties to access arbitrary files on the server filesystem through a Path Traversal technique. Application administrators can potentially read sensitive files by exploiting this vulnerability. Users are strongly advised to upgrade to Apache Doris versions 2.1.8, 3.0.3 or later to address this security concern and mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zT5TI9
https://www.cve.org/CVERecord?id=CVE-2024-48019
https://nvd.nist.gov/vuln/detail/CVE-2024-48019

Back to Vulnerability Database

CVE-2024-48019

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations