Dolphinscheduler@* Security Vulnerabilities and Issues — Dolphinscheduler@* CVE List

Lucene search

ApacheDolphinscheduler*

8 matches found

CVE•added 2024/02/20 10:15 a.m.•7981 views

CVE-2023-51770

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

7.5CVSS6.5AI score0.01007EPSS

CVE•added 2024/02/20 10:15 a.m.•6858 views

CVE-2023-49250

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fi...

7.3CVSS7.1AI score0.00127EPSS

CVE•added 2024/02/20 10:15 a.m.•4659 views

CVE-2023-50270

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

6.5CVSS6.5AI score0.00598EPSS

CVE•added 2024/02/20 10:15 a.m.•4598 views

CVE-2023-49109

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

9.8CVSS9.7AI score0.03232EPSS

CVE•added 2024/02/23 5:15 p.m.•3580 views

CVE-2024-23320

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This is...

8.8CVSS8.4AI score0.00741EPSS

CVE•added 2024/08/12 1:38 p.m.•71 views

CVE-2024-30188

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files.This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.

8.8CVSS6.3AI score0.80469EPSS

CVE•added 2024/08/20 8:15 a.m.•59 views

CVE-2024-43202

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

9.8CVSS7.4AI score0.02919EPSS

CVE•added 2024/08/12 1:38 p.m.•55 views

CVE-2024-29831

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

8.8CVSS6.4AI score0.00287EPSS