An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| doris-mcp-server(PyPI) | 0 | 0.6.0 | N/A |
CVSS Metrics
