Apache

Dolphinscheduler

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-23902

  • EPSS 0.05%
  • Veröffentlicht 24.04.2026 10:56:18
  • Zuletzt bearbeitet 27.04.2026 13:42:29

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versi...

6.3

CVE-2025-62233

  • EPSS 0.09%
  • Veröffentlicht 24.04.2026 10:54:55
  • Zuletzt bearbeitet 27.04.2026 13:45:44

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler:  Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by crea...

7.5

CVE-2025-62188

  • EPSS 0.03%
  • Veröffentlicht 09.04.2026 09:27:13
  • Zuletzt bearbeitet 17.04.2026 12:57:33

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apa...

9.8

CVE-2024-43166

  • EPSS 0.16%
  • Veröffentlicht 03.09.2025 09:10:24
  • Zuletzt bearbeitet 04.11.2025 22:16:03

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

8.8

CVE-2024-43115

  • EPSS 0.1%
  • Veröffentlicht 03.09.2025 08:38:32
  • Zuletzt bearbeitet 04.11.2025 22:16:03

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3....

9.8

CVE-2024-43202

  • EPSS 7.66%
  • Veröffentlicht 20.08.2024 08:15:05
  • Zuletzt bearbeitet 18.03.2025 15:57:37

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

8.1

CVE-2024-30188

  • EPSS 88.51%
  • Veröffentlicht 12.08.2024 13:38:19
  • Zuletzt bearbeitet 13.03.2025 14:15:25

File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2....

8.8

CVE-2024-29831

  • EPSS 0.34%
  • Veröffentlicht 12.08.2024 13:38:18
  • Zuletzt bearbeitet 18.03.2025 15:56:38

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

8.8

CVE-2024-23320

  • EPSS 0.74%
  • Veröffentlicht 23.02.2024 17:15:08
  • Zuletzt bearbeitet 18.03.2025 17:54:12

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-492...

7.5

CVE-2023-51770

  • EPSS 1.34%
  • Veröffentlicht 20.02.2024 10:15:08
  • Zuletzt bearbeitet 27.03.2025 17:15:41

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.