PT-2024-2471 · Apache · Apache Doris

Mingyu Chen · Published 2024-03-21 · Updated 2025-06-17 · CVE-2024-26307

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Apache Doris versions prior to 1.2.8
Apache Doris versions prior to 2.0.4

Description

The issue is related to a possible race condition vulnerability in Apache Doris, where some code uses the chmod() method. This method poses a risk of someone renaming a file out from under the user and chmodding the wrong file. The impact of this issue is considered minimal.

Recommendations

For Apache Doris versions prior to 1.2.8, upgrade to version 2.0.4 or later, which fixes the issue.
For Apache Doris versions prior to 2.0.4, upgrade to version 2.0.4 or later, which fixes the issue.
As a temporary workaround, consider restricting access to the chmod() method until a patch is available.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2024-02449
CVE-2024-26307

Affected Products

Apache Doris