Lucene search
K

327 matches found

Nuclei
Nuclei
added 8 hours ago45 views

Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write

File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler from 3.1.0 before 3.2.2. id: CVE-2024-30188 info: name: Apache DolphinScheduler = 3.1.0, 3.2.2 Resource File Read And Write...

8.8CVSS6.1AI score0.05987EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/25 7:15 a.m.8 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/25 5:21 a.m.10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...

9.8CVSS5.7AI score0.0039EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/25 5:18 a.m.10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...

9.1CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37584

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS5.4AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37582

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

6.5CVSS5.3AI score0.00312EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37581

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS5.1AI score0.00437EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37580

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.8CVSS5.3AI score0.0039EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-42357

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

6.5CVSS0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-41280

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS0.00437EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-32967

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.1CVSS0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 10:15 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to missing authorization checks in the DataSource API. An attacker can access and retrieve arbitrary data source metadata by sending unauthorized requests to the affected API endpoints. Remediation Upgrade...

9.8CVSS6AI score0.0039EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:0 a.m.22 views

CVE-2026-47340

CVE-2026-47340 describes an authorization flaw in Apache DolphinScheduler prior to 3.4.2 where authenticated users can access alert instances tied to alert groups they should not access. The issue affects DolphinScheduler up to version before 3.4.2; the recommended fix is upgrading to version 3.4...

6.5CVSS5.3AI score0.00433EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/17 8:57 a.m.33 views

CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:57 a.m.25 views

CVE-2026-32967

The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...

9.1CVSS5.2AI score0.00337EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/17 8:56 a.m.16 views

CVE-2026-42357

CVE-2026-42357 describes an Incorrect Authorization vulnerability in Apache DolphinScheduler. The issue allows users to access workflow instance information for projects they should not access. Affected versions are DolphinScheduler

6.5CVSS5.2AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/17 8:56 a.m.31 views

CVE-2026-42357 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:43 a.m.35 views

CVE-2026-32966 Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-62233

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.4AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-23902

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

8.1CVSS5.5AI score0.00446EPSS
Exploits0References1
Rows per page
Query Builder