Dolphinscheduler Security Vulnerabilities and Issues — Dolphinscheduler CVE List

Lucene search

ApacheDolphinscheduler

3 matches found

CVE•added 2023/11/24 8:15 a.m.•64 views

CVE-2023-48796

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable MANAGEMENT_ENDP...

7.5CVSS7.4AI score0.00266EPSS

CVE•added 2023/11/27 10:15 a.m.•48 views

CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not ye...

7.5CVSS7.4AI score0.00119EPSS

CVE•added 2023/11/30 9:15 a.m.•38 views

CVE-2023-49620

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requir...

6.5CVSS6.3AI score0.00249EPSS