CVE-2023-49068

Published: 27/11/2023 Updated: 01/12/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: prior to 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache dolphinscheduler

Severity: important Affected versions: - Apache DolphinScheduler before 321 Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinSchedulerThis issue affects Apache DolphinScheduler: 321 Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue References: http ...

On Fri, Nov 24, 2023 at 05:29:43AM +0000, Zihao Xiang wrote: So <321 is affected, but also =321, and "[FIXED_VERSION]" was seemingly not replaced in the template What are the correct affected and unaffected versions? I tried to dig into what releases the fix commit is in, but I found that that commit doesn't seem to be in any tags yet, ei ...

NVD-CWE-noinfo https://github.com/apache/dolphinscheduler/pull/15192 https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq https://nvd.nist.gov https://seclists.org/oss-sec/2023/q4/233

CVE-2023-49068

Vulnerability Summary

Mailing Lists

References

Vulmon Search

About

Products

Connect