Apache: >> Dolphinscheduler >> 1.3.8 Security Vulnerabilities
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-27
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
CVSS Score
9.8
EPSS Score
0.022
Published
2023-01-04
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-11-24
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
CVSS Score
9.8
EPSS Score
0.213
Published
2022-11-23
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
CVSS Score
6.5
EPSS Score
0.01
Published
2022-11-01
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVSS Score
6.5
EPSS Score
0.016
Published
2022-10-28
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-03-30
Page 2