Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache dolphinscheduler vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45875
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by au...
Apache Dolphinscheduler
Apache Dolphinscheduler 3.1.0
9.8
CVSSv3
CVE-2022-45462
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
Apache Dolphinscheduler
9.8
CVSSv3
CVE-2020-11974
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
Apache Dolphinscheduler 1.2.1
Apache Dolphinscheduler 1.2.0
1 Github repository
8.8
CVSSv3
CVE-2023-49299
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fix...
Apache Dolphinscheduler
8.8
CVSSv3
CVE-2021-27644
In Apache DolphinScheduler prior to 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Apache Dolphinscheduler
7.5
CVSSv3
CVE-2023-49068
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: prior to 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, th...
Apache Dolphinscheduler
7.5
CVSSv3
CVE-2023-48796
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment ...
Apache Dolphinscheduler
7.5
CVSSv3
CVE-2022-26885
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
Apache Dolphinscheduler
7.5
CVSSv3
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
Apache Dolphinscheduler
6.5
CVSSv3
CVE-2023-49620
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level beca...
Apache Dolphinscheduler
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »