漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server
Vulnerability Description
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Apache Doris MCP Server 安全漏洞
Vulnerability Description
Apache Doris MCP Server是Apache基金会的一个上下文协议后端服务。 Apache Doris MCP Server 0.1.0至0.6.0之前版本存在安全漏洞,该漏洞源于访问控制不当,可能导致具有只读权限的攻击者执行未经授权的修改。
CVSS Information
N/A
Vulnerability Type
N/A