Apache

Dolphinscheduler

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-50270

  • EPSS 1.04%
  • Veröffentlicht 20.02.2024 10:15:08
  • Zuletzt bearbeitet 18.03.2025 17:38:29

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

7.3

CVE-2023-49250

  • EPSS 0.17%
  • Veröffentlicht 20.02.2024 10:15:08
  • Zuletzt bearbeitet 18.03.2025 17:37:50

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users ar...

9.8

CVE-2023-49109

  • EPSS 7.12%
  • Veröffentlicht 20.02.2024 10:15:07
  • Zuletzt bearbeitet 18.03.2025 17:37:00

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

8.8

CVE-2023-49299

  • EPSS 0.59%
  • Veröffentlicht 30.12.2023 17:15:07
  • Zuletzt bearbeitet 13.02.2025 18:15:44

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgr...

6.5

CVE-2023-49620

  • EPSS 0.33%
  • Veröffentlicht 30.11.2023 09:15:07
  • Zuletzt bearbeitet 21.11.2024 08:33:38

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark t...

7.5

CVE-2023-49068

  • EPSS 0.16%
  • Veröffentlicht 27.11.2023 10:15:08
  • Zuletzt bearbeitet 21.11.2024 08:32:45

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of di...

7.5

CVE-2023-48796

  • EPSS 0.35%
  • Veröffentlicht 24.11.2023 08:15:20
  • Zuletzt bearbeitet 28.11.2025 11:15:59

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed versio...

4.3

CVE-2023-25601

  • EPSS 0.38%
  • Veröffentlicht 20.04.2023 16:15:07
  • Zuletzt bearbeitet 13.02.2025 17:16:09

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who us...

9.8

CVE-2022-45875

  • EPSS 1.46%
  • Veröffentlicht 04.01.2023 15:15:09
  • Zuletzt bearbeitet 03.04.2025 16:15:28

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This att...

7.5

CVE-2022-26885

  • EPSS 0.66%
  • Veröffentlicht 24.11.2022 16:15:17
  • Zuletzt bearbeitet 25.04.2025 19:15:44

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.