dolphinscheduler-api is vulnerable to authorization bypass. An authenticated user under any tenant is able to override the passwords of other users via the API interface /dolphinscheduler/users/update
.
CPE | Name | Operator | Version |
---|---|---|---|
dolphinscheduler-api | le | 1.3.1 |