CVE-2023-41313

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-208
View all →

Vulnerability Description

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

Related Vulnerabilities

CVE-2021-21575

CRITICAL
CVSS:9.8(Critical)

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CWE-2082021

CVE-2021-43298

CRITICAL
CVSS:9.8(Critical)

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can br...

CWE-2082021

CVE-2024-42512

HIGH
CVSS:8.6(High)

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

CWE-2082024

CVE-2023-25529

HIGH
CVSS:8.1(High)

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepanci...

CWE-2082023

CVE-2021-21575

CRITICAL
CVSS:9.8(Critical)

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CWE-2082021