Apache: >> Dolphinscheduler >> 3.1.2 Security Vulnerabilities
Exposure of Remote Code Execution in Apache Dolphinscheduler.
This issue affects Apache DolphinScheduler: before 3.2.2.
We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.029
Published
2024-08-20
File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files.
This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2.
Users are recommended to upgrade to version 3.2.2, which fixes the issue.
CVSS Score
8.1
EPSS Score
0.805
Published
2024-08-12
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-12
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.
This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.
This issue affects Apache DolphinScheduler: until 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.007
Published
2024-02-23
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.
This issue affects Apache DolphinScheduler: before 3.2.0.
Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-02-20
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.
Users are recommended to upgrade to version 3.2.1, which fixes this issue.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-02-20
Arbitrary File Read Vulnerability in Apache Dolphinscheduler.
This issue affects Apache DolphinScheduler: before 3.2.1.
We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.01
Published
2024-02-20
Exposure of Remote Code Execution in Apache Dolphinscheduler.
This issue affects Apache DolphinScheduler: before 3.2.1.
We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.032
Published
2024-02-20
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9.
Users are recommended to upgrade to version 3.1.9, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-12-30
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-27
Page 1