CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS
The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.
Conclusion & alert: CVE-2023-41314 is rated Moderate Risk (52.5/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.90%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-41314
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).