Apache

Dolphinscheduler

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-43166

  • EPSS 0.09%
  • Veröffentlicht 03.09.2025 09:10:24
  • Zuletzt bearbeitet 09.09.2025 16:15:19

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

8.8

CVE-2024-43115

  • EPSS 0.06%
  • Veröffentlicht 03.09.2025 08:38:32
  • Zuletzt bearbeitet 09.09.2025 16:17:47

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3....

9.8

CVE-2024-43202

  • EPSS 4.4%
  • Veröffentlicht 20.08.2024 08:15:05
  • Zuletzt bearbeitet 18.03.2025 15:57:37

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

8.1

CVE-2024-30188

  • EPSS 87.01%
  • Veröffentlicht 12.08.2024 13:38:19
  • Zuletzt bearbeitet 13.03.2025 14:15:25

File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2....

8.8

CVE-2024-29831

  • EPSS 0.25%
  • Veröffentlicht 12.08.2024 13:38:18
  • Zuletzt bearbeitet 18.03.2025 15:56:38

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.

8.8

CVE-2024-23320

  • EPSS 0.74%
  • Veröffentlicht 23.02.2024 17:15:08
  • Zuletzt bearbeitet 18.03.2025 17:54:12

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-492...

7.5

CVE-2023-51770

  • EPSS 1.01%
  • Veröffentlicht 20.02.2024 10:15:08
  • Zuletzt bearbeitet 27.03.2025 17:15:41

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

6.5

CVE-2023-50270

  • EPSS 0.6%
  • Veröffentlicht 20.02.2024 10:15:08
  • Zuletzt bearbeitet 18.03.2025 17:38:29

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

7.3

CVE-2023-49250

  • EPSS 0.13%
  • Veröffentlicht 20.02.2024 10:15:08
  • Zuletzt bearbeitet 18.03.2025 17:37:50

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users ar...

9.8

CVE-2023-49109

  • EPSS 5.38%
  • Veröffentlicht 20.02.2024 10:15:07
  • Zuletzt bearbeitet 18.03.2025 17:37:00

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.