Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dolphinscheduler
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-28 | CVE-2022-26884 | Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | Dolphinscheduler | 6.5 | ||
| 2022-11-01 | CVE-2022-34662 | When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher | Dolphinscheduler | 6.5 | ||
| 2024-02-20 | CVE-2023-49109 | Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | Dolphinscheduler | N/A | ||
| 2024-02-20 | CVE-2023-49250 | Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | Dolphinscheduler | N/A | ||
| 2024-02-20 | CVE-2023-50270 | Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue. | Dolphinscheduler | N/A | ||
| 2024-02-23 | CVE-2024-23320 | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | Dolphinscheduler | N/A | ||
| 2024-08-12 | CVE-2024-29831 | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. | Dolphinscheduler | 8.8 | ||
| 2024-08-20 | CVE-2024-43202 | Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. | Dolphinscheduler | 9.8 | ||
| 2024-08-12 | CVE-2024-30188 | File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue. | Dolphinscheduler | 8.1 | ||
| 2023-01-04 | CVE-2022-45875 | Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS. | Dolphinscheduler | 9.8 |