PT-2025-45743 · Pypi · Doris Mcp Server
Published
2025-11-05
·
Updated
2025-11-05
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.
Impact:
Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications.
Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Doris Mcp Server