CVE-2025-58337— Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server

Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).

N/A

访问控制不恰当

Apache Doris MCP Server 安全漏洞

Apache Doris MCP Server是Apache基金会的一个上下文协议后端服务。 Apache Doris MCP Server 0.1.0至0.6.0之前版本存在安全漏洞，该漏洞源于访问控制不当，可能导致具有只读权限的攻击者执行未经授权的修改。

N/A

N/A