Apache Doris MCP Server Improper Access Control Bypasses Read-Only Mode

Vulnerability

A vulnerability exists in Apache Doris MCP Server versions from 0.1.0 up to, but not including, 0.6.0 that allows an attacker holding a valid read-only account to bypass the read-only restrictions. The cause is improper access control: operations that the read-only status should have blocked are not rejected, so such an account can make unauthorized modifications.

Impact

Exploitation of this vulnerability allows read-only users to make unauthorized changes, effectively bypassing the intended access restrictions.

Remediation

Users are advised to upgrade to Apache Doris MCP Server version 0.6.0 or later, as this release includes the necessary fix.

Added: Nov 5, 2025, 10:19 AM
Updated: Nov 5, 2025, 11:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.