26 matches found
CVE-2023-49620
Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (these are mostly used in SQL tasks), an unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requires...
CVE-2022-34662
When users add resources to the resource center with a relation path, it causes path traversal issues, and only for logged-in users. You can upgrade to version 3.0.0 or higher...
CVE-2024-54271
creationtimestamp | type | source
---|---|---
2024-12-13 23:59:52+00:00 | seen | https://infosec.exchange/users/cve/statuses/113648231497720047...
Introducing the MSRC Researcher Resource Center
Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the...
Number of data breach victims goes up 1,000%
Nope, that headline's not a typo. Over one thousand percent. The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). The ITRC is a national non-profit organization set up with the goal of minimizing the ri...
Missing Authorization
DolphinScheduler is vulnerable to Missing Authorization. The vulnerability is due to insufficient permission checks for UDF function operations in the resource center. This allowed logged-in users to delete UDF functions without proper authorization...
CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for
Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (these are mostly used in SQL tasks), an unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requires...
PT-2023-31274 · Unknown · Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: DolphinScheduler versions prior to 3.1.0 Description: The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure...
Apache DolphinScheduler Security Vulnerability
Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A security vulnerability exists in Apache DolphinScheduler versions prior to 3.1.0, which stems from the ability of a logged-in user to delete a resource center via a UDF function without authorization...
Apache DolphinScheduler Path Traversal Vulnerability (CNVD-2022-78865)
Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is vulnerable to a path traversal vulnerability in versions prior to Apache DolphinScheduler 3.0.0, which stems from a path traversal when a user adds a resource to the...
Apache DolphinScheduler vulnerable to Path Traversal
When users add resources to the resource center with a relation path, this vulnerability will cause path traversal issues for logged-in users. Users should upgrade to version 3.0.0 to avoid this issue...
CVE-2022-34662
When users add resources to the resource center with a relation path, it causes path traversal issues, and only for logged-in users. You can upgrade to version 3.0.0 or higher...
Path traversal
When users add resources to the resource center with a relation path, it causes path traversal issues, and only for logged-in users. You can upgrade to version 3.0.0 or higher...
Apache DolphinScheduler Path Traversal Vulnerability
Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is vulnerable to a path traversal vulnerability in versions prior to Apache DolphinScheduler 3.0.0, which stems from a path traversal when a user adds a resource to the...
PT-2022-22276 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 3.0.0 Description: The issue arises when users add resources to the resource center with a relation path, causing path traversal issues. This problem affects only logged-in users. Recommendations: For versions prio...
CVE-2022-34662
CVE-2022-34662 affects Apache DolphinScheduler. The resource-center path traversal vulnerability occurs when users add resources with a relation path and is applicable to versions prior to 3.0.0. The vulnerability is described as present for logged-in users, with the recommended remediation to up...
Top 5 DevOps Resource Center Articles of 2021
We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your best in 2022...
SQL Injection Vulnerability in National Digital Learning Resource Center Website Building System
The National Center for Digital Learning Resources (NCDLR) is a business unit engaged in the research, development, promotion and service of digital learning resources and education informatization software. A SQL injection vulnerability exists in the National Digital Learning Resource Center's...
Logic Flaw Vulnerability in Beijing Legends Resource Center Management System
Beijing Legendary Huayu Education Technology Co., Ltd. focuses on the role and development of the management and application of unstructured data in education and teaching, regulating the collection, management and application of digital resources as the main direction. Legend Resource Center...