CVE-2024-48019
📋 TL;DR
This path traversal vulnerability in Apache Doris allows authenticated application administrators to read arbitrary files from the server filesystem. Attackers can exploit this to access sensitive system files, configuration data, or other restricted content. All Apache Doris deployments with vulnerable versions are affected.
💻 Affected Systems
- Apache Doris
📦 What is this software?
Doris by Apache
Doris by Apache
⚠️ Risk & Real-World Impact
Worst Case
Administrator credentials could be compromised, leading to complete system takeover, data exfiltration of sensitive files (including passwords, keys, configuration files), and potential lateral movement within the network.
Likely Case
Unauthorized reading of sensitive configuration files, database credentials, or other restricted files that could enable further attacks or data breaches.
If Mitigated
Limited impact if proper network segmentation, least privilege access controls, and file system permissions are implemented, though the vulnerability still provides unauthorized file access.
🎯 Exploit Status
Exploitation requires authenticated administrator access. The vulnerability is straightforward to exploit once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.8 or 3.0.3 or later
Vendor Advisory: https://lists.apache.org/thread/p70klgmyrgknhn0t195261wvwv5jw6hr
Restart Required: Yes
Instructions:
1. Backup your Doris configuration and data. 2. Download the patched version (2.1.8 or 3.0.3+) from the official Apache Doris website. 3. Stop the Doris service. 4. Replace the existing installation with the patched version. 5. Restart the Doris service. 6. Verify the version is updated.
🔧 Temporary Workarounds
Restrict Administrator Access
allLimit application administrator accounts to only trusted personnel and implement strong authentication controls.
File System Permissions Hardening
linuxRestrict file system permissions for the Doris process to only necessary directories using chroot, containerization, or strict file permissions.
chmod 750 /path/to/doris/data
chown doris:doris /path/to/doris/data
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Apache Doris instances from sensitive systems and data.
- Deploy web application firewall (WAF) rules to detect and block path traversal patterns in requests.
🔍 How to Verify
Check if Vulnerable:
Check your Apache Doris version. If it's earlier than 2.1.8 (for 2.x branch) or earlier than 3.0.3 (for 3.x branch), you are vulnerable.Check Version:
Connect to Doris and run: SHOW VERSION; or check the Doris web UI dashboard for version information.Verify Fix Applied:
After patching, verify the version shows 2.1.8 or higher (for 2.x) or 3.0.3 or higher (for 3.x). Test that path traversal attempts are properly blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in Doris logs
- Requests containing '../' sequences or other path traversal patterns
- Multiple failed file access attempts from administrator accounts
Network Indicators:
- HTTP requests with path traversal patterns (../, ..\, encoded equivalents) to Doris endpoints
- Unusual outbound data transfers following file access patterns
SIEM Query:
source="doris.logs" AND ("../" OR "..\\" OR "%2e%2e%2f" OR "%252e%252e%252f")