CNNVD-202511-423 Information

CNNVD ID

CNNVD-202511-423

Related CVE

CVE-2025-58337

• CNNVD Published: 2025-11-05

Description (Chinese)

Apache Doris MCP Server是Apache基金会的一个上下文协议后端服务。 Apache Doris MCP Server 0.1.0至0.6.0之前版本存在安全漏洞，该漏洞源于访问控制不当，可能导致具有只读权限的攻击者执行未经授权的修改。

Description (English)

Apache Doris MCP Server is a context agreement back-end service for the Apache Foundation. There was a security loophole in the pre-Apache Doris MCP Server 0.1.0 to 0.6.0, which stemmed from inadequate access controls and could lead to unauthorized modifications being carried out by attackers with read-only access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-11-05

Last Modified

2026-02-24

References

https://lists.apache.org/thread/6tswlphj0pqn9zf25594r3c1vzvfj40h http://www.openwall.com/lists/oss-security/2025/11/04/5 https://access.redhat.com/security/cve/cve-2025-58337

Patch

https://doris.apache.org/download