15 matches found

added 2024/02/20 10:15 a.m. | 6859 views

CVE-2023-49250

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fi...

CVSS 7.3 | AI score 7.1 | EPSS 0.00127

added 2024/02/23 5:15 p.m. | 3581 views

CVE-2024-23320

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This is...

CVSS 8.8 | AI score 8.4 | EPSS 0.00741

added 2022/03/30 10:15 a.m. | 117 views

CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

CVSS 7.5 | AI score 7.5 | EPSS 0.01305

added 2022/10/28 8:15 a.m. | 86 views

CVE-2022-26884

Users can read any files by log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.

CVSS 6.5 | AI score 6.3 | EPSS 0.00396

added 2022/11/24 4:15 p.m. | 79 views

CVE-2022-26885

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.

CVSS 7.5 | AI score 7.5 | EPSS 0.00212

added 2022/11/01 4:15 p.m. | 69 views

CVE-2022-34662

When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher.

CVSS 6.5 | AI score 6.5 | EPSS 0.00216

added 2023/12/30 5:15 p.m. | 68 views

CVE-2023-49299

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.

CVSS 8.8 | AI score 8.6 | EPSS 0.00741

added 2022/11/23 9:15 a.m. | 66 views

CVE-2022-45462

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.

CVSS 9.8 | AI score 9.8 | EPSS 0.03677

added 2023/01/04 3:15 p.m. | 64 views

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users wh...

CVSS 9.8 | AI score 9.5 | EPSS 0.03082

added 2021/11/01 10:15 a.m. | 61 views

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

CVSS 8.8 | AI score 9 | EPSS 0.0394

added 2024/08/12 1:38 p.m. | 58 views

CVE-2024-29831

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

CVSS 8.8 | AI score 6.4 | EPSS 0.00253

added 2023/11/27 10:15 a.m. | 49 views

CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not ye...

CVSS 7.5 | AI score 7.4 | EPSS 0.0016

added 2023/11/30 9:15 a.m. | 40 views

CVE-2023-49620

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requir...

CVSS 6.5 | AI score 6.3 | EPSS 0.00333

added 2025/09/03 9:15 a.m. | 11 views

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

CVSS 8.8 | AI score 6.4 | EPSS 0.00049

added 2025/09/03 10:15 a.m. | 10 views

CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

CVSS 9.8 | AI score 6.4 | EPSS 0.0008