CVE-2022-23942— Apache Doris hardcoded cryptography initialization
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-23942
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Doris hardcoded cryptography initialization
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Doris 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Doris是美国阿帕奇(Apache)基金会的一个现代 MPP 分析数据库产品。可以提供亚秒级查询和高效的实时数据分析。 Apache Doris在 1.0.0 之前存在安全漏洞,该漏洞源于使用硬编码的密钥和 IV 来初始化用于 ldap 密码的 cipher,这可能会导致信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Doris(Incubating) | 0.15.0 | - |
II. Public POCs for CVE-2022-23942
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-23942
请登录查看更多情报信息。
- https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvtx_refsource_MISC
- oss-security - CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initializationmailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2022-23942
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-798
- CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2026-8032
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-cod - CVE-2026-32834
Easy PayPal Events & Tickets 1.3 Authentication Bypass via Q - CVE-2026-42376
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials - CVE-2026-42375
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
V. Comments for CVE-2022-23942
No comments yet