Apache: >> Dolphinscheduler >> 2.0.5 Security Vulnerabilities
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
CVSS Score
9.8
EPSS Score
0.031
Published
2023-01-04
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-11-24
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
CVSS Score
9.8
EPSS Score
0.036
Published
2022-11-23
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
CVSS Score
6.5
EPSS Score
0.002
Published
2022-11-01
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-10-28
Page 2