Apache

Dolphinscheduler

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-43166

  • EPSS 0.09%
  • Published 03.09.2025 09:10:24
  • Last modified 09.09.2025 16:15:19

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

8.8

CVE-2024-43115

  • EPSS 0.06%
  • Published 03.09.2025 08:38:32
  • Last modified 09.09.2025 16:17:47

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3....

9.8

CVE-2024-43202

  • EPSS 4.4%
  • Published 20.08.2024 08:15:05
  • Last modified 18.03.2025 15:57:37

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

8.1

CVE-2024-30188

  • EPSS 87.01%
  • Published 12.08.2024 13:38:19
  • Last modified 13.03.2025 14:15:25

File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2....

8.8

CVE-2024-29831

  • EPSS 0.25%
  • Published 12.08.2024 13:38:18
  • Last modified 18.03.2025 15:56:38

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

8.8

CVE-2024-23320

  • EPSS 0.74%
  • Published 23.02.2024 17:15:08
  • Last modified 18.03.2025 17:54:12

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-492...

7.5

CVE-2023-51770

  • EPSS 1.01%
  • Published 20.02.2024 10:15:08
  • Last modified 27.03.2025 17:15:41

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

6.5

CVE-2023-50270

  • EPSS 0.6%
  • Published 20.02.2024 10:15:08
  • Last modified 18.03.2025 17:38:29

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

7.3

CVE-2023-49250

  • EPSS 0.13%
  • Published 20.02.2024 10:15:08
  • Last modified 18.03.2025 17:37:50

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users ar...

9.8

CVE-2023-49109

  • EPSS 5.38%
  • Published 20.02.2024 10:15:07
  • Last modified 18.03.2025 17:37:00

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.