Lucene search
ApacheCVELIST:CVE-2022-45875HistoryJan 04, 2023 - 2:57 p.m.
CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin
2023-01-0414:57:45
CWE-20
apache
www.cve.org
3
apache dolphinscheduler
remote command execution vulnerability
script alert plugin
improper validation
cve-2022-45875
authenticated users
version 3.0.1
version 3.1.0
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache DolphinScheduler",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-45875
2023-01-04 15:15:09
Apache DolphinScheduler vulnerable to Improper Input Validation
2023-01-04 15:30:19
PYSEC-2023-4
2023-01-04 15:15:00
nvd
nvd
CVE-2022-45875
2023-01-04 15:15:09
cve
cve
CVE-2022-45875
2023-01-04 15:15:09
cnvd
cnvd
Apache DolphinScheduler Input Validation Error Vulnerability
2023-01-09 00:00:00
github
github
Apache DolphinScheduler vulnerable to Improper Input Validation
2023-01-04 15:30:19
prion
prion
Design/Logic Flaw
2023-01-04 15:15:00
veracode
veracode
Remote Code Execution (RCE)
2023-01-08 05:31:41