Lucene search
ApacheCVELIST:CVE-2023-25601HistoryApr 20, 2023 - 3:07 p.m.
CVE-2023-25601 Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
2023-04-2015:07:00
CWE-287
apache
www.cve.org
cve-2023-25601
apache dolphinscheduler
version 3.0.0 to 3.1.1
python gateway
improper authentication
socket bytes attack
version 3.1.2
configuration file
application.yaml
python-gateway.enabled=false
upgrade
On version 3.0.0 through 3.1.1, Apache DolphinScheduler’s python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value python-gateway.enabled=false in configuration file application.yaml. If you are using the python gateway, please upgrade to version 3.1.2 or above.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache DolphinScheduler",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
]Related
cnvd
cnvd
Apache DolphinScheduler Authorization Issues Vulnerability
2023-04-23 00:00:00
osv
osv
CVE-2023-25601
2023-04-20 16:15:07
cve
cve
CVE-2023-25601
2023-04-20 16:15:07
nvd
nvd
CVE-2023-25601
2023-04-20 16:15:07
github
github
veracode
veracode
Improper Authentication
2023-04-24 08:53:10
prion
prion
Authentication flaw
2023-04-20 16:15:00