{"schema_version": "1.6.1", "id": "CVE-2022-23942", "summary": "Apache Doris hardcoded cryptography initialization", "details": "Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.15.0"}, {"last_affected": "0.15.0"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt"}]}