21 matches found

added 2024/02/20 10:0 a.m. | 6875 views

CVE-2023-49250

CVE-2023-49250 affects Apache DolphinScheduler prior to 3.2.0, where the HttpUtils class fails to verify TLS certificates. This allows an attacker in a MITM position on outgoing HTTPS connections to impersonate the server, potentially impacting confidentiality, integrity, and availability of the ...

CVSS 7.3 | AI score 7.1 | EPSS 0.00704

added 2024/02/23 4:57 p.m. | 3604 views

CVE-2024-23320

CVE-2024-23320 is an improper input validation vulnerability in Apache DolphinScheduler (up to version 3.2.1). An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. The issue is described as a legacy of CVE-2023-49299, with an additional patch applied to ...

CVSS 8.8 | AI score 8.4 | EPSS 0.01388

added 2022/03/30 9:20 a.m. | 129 views

CVE-2022-25598

CVE-2022-25598 affects Apache DolphinScheduler. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user registration interface, exploited by crafted input to cause denial of service. Impact is partial availability degradation of the application. The public guidance in the ...

CVSS 7.5 | AI score 7.5 | EPSS 0.01904

added 2022/10/28 12:0 a.m. | 99 views

CVE-2022-26884

CVE-2022-26884 affects Apache DolphinScheduler prior to version 2.0.6, introducing a path traversal vulnerability where a log server request could allow reading arbitrary files. The root cause is inadequate filtering of resources/files in path handling. Impact is limited to confidentiality (high)...

CVSS 6.5 | AI score 6.3 | EPSS 0.01486

added 2023/12/30 4:27 p.m. | 91 views

CVE-2023-49299

CVE-2023-49299 (Apache DolphinScheduler): An authenticated user can trigger server-side, unsandboxed JavaScript execution due to improper input validation. The issue affects DolphinScheduler prior to fixed versions and is treated as a legacy/continued vulnerability in later advisories. A fix is ...

CVSS 8.8 | AI score 8.6 | EPSS 0.01418

added 2022/11/24 12:0 a.m. | 90 views

CVE-2022-26885

Apache DolphinScheduler is affected by CVE-2022-26885, where using tasks to read config files can disclose database passwords. The issue stems from improper handling of logs in LoggerRequestProcessor.java, per Veracode and related advisories. Affected product: DolphinScheduler server; vulnerabi...

CVSS 7.5 | AI score 7.5 | EPSS 0.01234

added 2022/11/01 12:0 a.m. | 83 views

CVE-2022-34662

CVE-2022-34662 affects Apache DolphinScheduler. The resource-center path traversal vulnerability occurs when users add resources with a relation path and is applicable to versions prior to 3.0.0. The vulnerability is described as present for logged-in users, with the recommended remediation to up...

CVSS 6.5 | AI score 6.5 | EPSS 0.0141

added 2023/01/04 2:57 p.m. | 82 views

CVE-2022-45875

Apache DolphinScheduler (CVE-2022-45875) is affected by improper validation of script alert plugin parameters, allowing remote command execution. The issue affects 3.0.1 and earlier, and 3.1.0 and earlier; authenticated users who can log in to DolphinScheduler could exploit it. CVSSv3.1 base scor...

CVSS 9.8 | AI score 9.5 | EPSS 0.0255

added 2022/11/23 12:0 a.m. | 79 views

CVE-2022-45462

Summary: Apache DolphinScheduler contains a command injection vulnerability in the Alarm/Alert Instance Management service when a specific command is configured. The issue affects versions prior to 2.0.6 and could allow an attacker to inject commands. The vulnerability is rated critical (CVSS v3....

CVSS 9.8 | AI score 9.8 | EPSS 0.02773

added 2021/11/01 9:15 a.m. | 74 views

CVE-2021-27644

CVE-2021-27644 affects Apache DolphinScheduler prior to 1.3.6. Authorized users can trigger SQL injection in the data source center when using a MySQL data source with internal login credentials, potentially exposing or altering data in the underlying database. The related records consistently de...

CVSS 8.8 | AI score 9 | EPSS 0.01861

added 2024/08/09 2:21 p.m. | 74 views

CVE-2024-29831

CVE-2024-29831 relates to an improper input validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server, potentially enabling remote code execution. Affected: DolphinScheduler; remediation guidance consistentl...

CVSS 8.8 | AI score 6.4 | EPSS 0.01175

added 2023/11/27 9:49 a.m. | 66 views

CVE-2023-49068

CVE-2023-49068 affects Apache DolphinScheduler (before 3.2.1). The issue is exposure of sensitive information to an unauthorized actor via logs, with risk of leaking session-related data. Root cause is that log statements in the DolphinScheduler codebase may retain sensitive fields (e.g., session...

CVSS 7.5 | AI score 7.4 | EPSS 0.01052

added 2023/11/30 8:17 a.m. | 54 views

CVE-2023-49620

CVE-2023-49620 affects Apache DolphinScheduler prior to 3.1.0. An authenticated user could delete UDF functions in the resource center (an operation commonly used by SQL tasks) due to an unauthorized access (IDOR) vulnerability. Red Hat, Veracode, GHSA and CVE records corroborate the issue, with ...

CVSS 6.5 | AI score 6.3 | EPSS 0.01132

added 2025/09/03 9:10 a.m. | 49 views

CVE-2024-43166

Summary (CVE-2024-43166): Apache DolphinScheduler before 3.2.2 has an incorrect default permissions vulnerability. Multiple sources (Red Hat, NVD, OSV, CNVD, GHSA) reference the same issue and advise upgrading to 3.3.1 to fix it. The CVSSv3.1 score is listed as 9.8 (CRITICAL) with network attack...

CVSS 9.8 | AI score 6.4 | EPSS 0.00496

added 2025/09/03 8:38 a.m. | 33 views

CVE-2024-43115

CVE-2024-43115 affects Apache DolphinScheduler (pre-3.2.2). The issue is due to improper input validation, permitting an authenticated user to trigger execution of arbitrary shell scripts via the alert script. Upgrading to 3.3.1 is recommended and fixes the vulnerability. There is no exploitation...

CVSS 8.8 | AI score 6.4 | EPSS 0.00461

added 2026/04/24 10:56 a.m. | 26 views

CVE-2026-23902

CVE-2026-23902 concerns an Incorrect Authorization flaw in Apache DolphinScheduler. The weakness allows authenticated users with system login permissions to operate using tenants not defined on the platform during workflow execution. Affected versions are DolphinScheduler prior to 3.4.1; remediat...

CVSS 8.1 | AI score 5.3 | EPSS 0.00446

added 2026/06/17 8:57 a.m. | 19 views

CVE-2026-32967

The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...

CVSS 9.1 | AI score 5.2 | EPSS 0.00337

added 2026/06/17 9:0 a.m. | 17 views

CVE-2026-47340

CVE-2026-47340 describes an authorization flaw in Apache DolphinScheduler prior to 3.4.2 where authenticated users can access alert instances tied to alert groups they should not access. The issue affects DolphinScheduler versions before 3.4.2; the recommended fix is upgrading to version 3.4...

CVSS 6.5 | AI score 5.3 | EPSS 0.00433

added 2026/06/17 8:43 a.m. | 14 views

CVE-2026-32966

The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...

CVSS 9.8 | AI score 5.2 | EPSS 0.0039

added 2026/06/17 8:55 a.m. | 13 views

CVE-2026-41280

CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...

CVSS 4.9 | AI score 5 | EPSS 0.00437

added 2026/06/17 8:56 a.m. | 11 views

CVE-2026-42357

CVE-2026-42357 describes an Incorrect Authorization vulnerability in Apache DolphinScheduler. The issue allows users to access workflow instance information for projects they should not access. Affected versions are DolphinScheduler

CVSS 6.5 | AI score 5.2 | EPSS 0.00312