Lucene search
GoogleOSV:GHSA-QHH5-9738-G9MXHistoryFeb 09, 2022 - 10:26 p.m.
Incorrect Default Permissions in Apache DolphinScheduler
2022-02-0922:26:32
Google
osv.dev
6
0.001 Low
EPSS
Percentile
38.2%
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
References
github.com/apache/incubator-dolphinscheduler
github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1
github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml
nvd.nist.gov/vuln/detail/CVE-2020-13922
www.mail-archive.com/[email protected]/msg06076.html
Related
prion
prion
Default credentials
2021-01-11 10:15:00
osv
osv
CVE-2020-13922
2021-01-11 10:15:13
PYSEC-2021-876
2021-01-11 10:15:00
cve
cve
CVE-2020-13922
2021-01-11 10:15:13
veracode
veracode
Authorization Bypass
2020-09-11 05:08:57
nvd
nvd
CVE-2020-13922
2021-01-11 10:15:13
cvelist
cvelist
CVE-2020-13922 Apache DolphinScheduler (incubating) Permission vulnerability
2021-01-11 09:40:19
github
github
Incorrect Default Permissions in Apache DolphinScheduler
2022-02-09 22:26:32