Lucene search
Veracode Vulnerability DatabaseVERACODE:42869HistoryAug 22, 2023 - 2:31 a.m.
Password Disclosure
2023-08-2202:31:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
dolphinscheduler-server
password disclosure
vulnerability
loggerrequestprocessor
config files
database password
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
46.6%
dolphinscheduler-server is vulnerable to Password Disclosure. The vulnerability exists due to improper handling of logs in the process function of LoggerRequestProcessor.java, allowing an attacker to utilize tasks to read config files, which could include the database password.
Related
osv
osv
CVE-2022-26885
2022-11-24 16:15:17
Apache Dolphin Scheduler has insufficiently protected credentials
2022-11-24 18:30:28
github
github
Apache Dolphin Scheduler has insufficiently protected credentials
2022-11-24 18:30:28
nvd
nvd
CVE-2022-26885
2022-11-24 16:15:17
cve
cve
CVE-2022-26885
2022-11-24 16:15:17
cvelist
cvelist
CVE-2022-26885 Apache DolphinScheduler config file read by task risk
2022-11-24 00:00:00
prion
prion
Design/Logic Flaw
2022-11-24 16:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
46.6%
Related for VERACODE:42869