CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49299 – Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
https://notcve.org/view.php?id=CVE-2023-49299
30 Dec 2023 — Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. Vulnerabilidad de validación de entrada incorrecta en Apache DolphinScheduler. Un usuario autenticado puede hacer que se ejecute javascript arbitrario y sin espacio aislado en el servidor. • http://www.openwall.com/lists/oss-security/2024/02/23/3 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49068 – Apache DolphinScheduler: Information Leakage Vulnerability
https://notcve.org/view.php?id=CVE-2023-49068
27 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Apache DolphinS... • https://github.com/apache/dolphinscheduler/pull/15192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25601 – Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
https://notcve.org/view.php?id=CVE-2023-25601
20 Apr 2023 — On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above. • http://www.openwall.com/lists/oss-security/2023/04/20/10 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2022-45875 – Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin
https://notcve.org/view.php?id=CVE-2022-45875
04 Jan 2023 — Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS. Validación incorrecta de los parámetros del complemento de alerta de script en Apache DolphinScheduler para evitar la vulnerabilidad de ejecución remota de comandos. Este problema afecta a Ap... • http://www.openwall.com/lists/oss-security/2023/11/22/2 • CWE-20: Improper Input Validation •