Lucene search
Veracode Vulnerability DatabaseVERACODE:40266HistoryApr 24, 2023 - 8:53 a.m.
Improper Authentication
2023-04-2408:53:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
improper authentication
dolphinscheduler
vulnerability
unauthorized actions
0.002 Low
EPSS
Percentile
61.5%
org.apache.dolphinscheduler:dolphinscheduler-api is vulnerable to Improper Authentication. The vulnerability allows an attacker to bypass authentication mechanisms to gain access and perform unauthorized actions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolphinscheduler-api | le | 3.1.1 | |
| dolphinscheduler-api | le | 3.1.1 |
References
www.openwall.com/lists/oss-security/2023/04/20/10
github.com/advisories/GHSA-3jxw-cv35-2mmv
github.com/apache/dolphinscheduler/commit/416c41465dd490bd0546ac79f2c993004482ffe0
github.com/apache/dolphinscheduler/issues/6407
github.com/apache/dolphinscheduler/issues/8255
github.com/apache/dolphinscheduler/pull/12893
github.com/apache/dolphinscheduler/releases/tag/3.1.2
lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf
Related
cnvd
cnvd
Apache DolphinScheduler Authorization Issues Vulnerability
2023-04-23 00:00:00
osv
osv
CVE-2023-25601
2023-04-20 16:15:07
cve
cve
CVE-2023-25601
2023-04-20 16:15:07
nvd
nvd
CVE-2023-25601
2023-04-20 16:15:07
prion
prion
Authentication flaw
2023-04-20 16:15:00
cvelist
cvelist
github
github