Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache dolphinscheduler vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-13922
Versions of Apache DolphinScheduler before 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
Apache Dolphinscheduler 1.2.1
Apache Dolphinscheduler 1.2.0
Apache Dolphinscheduler 1.3.1
1 Github repository
NA
CVE-2022-45875
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by au...
Apache Dolphinscheduler
Apache Dolphinscheduler 3.1.0
668
VMScore
CVE-2020-11974
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
Apache Dolphinscheduler 1.2.1
Apache Dolphinscheduler 1.2.0
1 Github repository
NA
CVE-2023-25601
On version 3.0.0 up to and including 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0...
Apache Dolphinscheduler
NA
CVE-2022-34662
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
Apache Dolphinscheduler
NA
CVE-2022-45462
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
Apache Dolphinscheduler
445
VMScore
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Apache Dolphinscheduler
NA
CVE-2023-49068
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: prior to 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, th...
Apache Dolphinscheduler
NA
CVE-2023-48796
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment ...
Apache Dolphinscheduler
NA
CVE-2022-26884
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
Apache Dolphinscheduler
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »