5 matches found
CVE-2023-50270
Session fixation in Apache DolphinScheduler before version 3.2.0: the session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
CVE-2022-26884
Users can read any file through the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVE-2022-34662
When users add resources to the resource center with a relative path, it causes path traversal issues; this affects only logged-in users. You could upgrade to version 3.0.0 or higher.
CVE-2020-13922
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
CVE-2023-49620
Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (these are mostly used in SQL tasks), which is an unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requir...