Severity: moderate Affected versions:
- Apache Doris-MCP-Server 0.1.0 before 0.6.0 Description: An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix). Credit: Liran Tal, ([email protected]) (finder) References: https://doris.apache.org https://www.cve.org/CVERecord?id=CVE-2025-58337 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
