- EPSS 0.43%
- Veröffentlicht 17.06.2026 09:00:12
- Zuletzt bearbeitet 17.06.2026 09:00:12
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to versio...
- EPSS 0.34%
- Veröffentlicht 17.06.2026 08:57:55
- Zuletzt bearbeitet 17.06.2026 08:57:55
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
- EPSS 0.31%
- Veröffentlicht 17.06.2026 08:56:55
- Zuletzt bearbeitet 17.06.2026 08:56:55
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to up...
- EPSS 0.44%
- Veröffentlicht 17.06.2026 08:55:29
- Zuletzt bearbeitet 17.06.2026 08:55:29
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4...
- EPSS 0.39%
- Veröffentlicht 17.06.2026 08:43:11
- Zuletzt bearbeitet 17.06.2026 08:43:11
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the i...
CVE-2026-23902
- EPSS 0.45%
- Veröffentlicht 24.04.2026 10:56:18
- Zuletzt bearbeitet 27.04.2026 13:42:29
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versi...
CVE-2025-62233
- EPSS 0.54%
- Veröffentlicht 24.04.2026 10:54:55
- Zuletzt bearbeitet 27.04.2026 13:45:44
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by crea...
CVE-2025-62188
- EPSS 0.52%
- Veröffentlicht 09.04.2026 09:27:13
- Zuletzt bearbeitet 17.04.2026 12:57:33
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apa...
CVE-2024-43166
- EPSS 0.5%
- Veröffentlicht 03.09.2025 09:10:24
- Zuletzt bearbeitet 04.11.2025 22:16:03
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
CVE-2024-43115
- EPSS 0.46%
- Veröffentlicht 03.09.2025 08:38:32
- Zuletzt bearbeitet 04.11.2025 22:16:03
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3....