CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43202 – Apache DolphinScheduler: Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43202
20 Aug 2024 — Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. • https://github.com/apache/dolphinscheduler/pull/15758 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 9%CPEs: 1EXPL: 0CVE-2024-30188 – Apache DolphinScheduler: Resource File Read And Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-30188
09 Aug 2024 — File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue. File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to ve... • https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s2pwyd07 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29831 – Apache DolphinScheduler: RCE by arbitrary js execution
https://notcve.org/view.php?id=CVE-2024-29831
09 Aug 2024 — Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. • https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23320 – Apache DolphinScheduler: Arbitrary js execution as root for authenticated users
https://notcve.org/view.php?id=CVE-2024-23320
23 Feb 2024 — Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. • http://www.openwall.com/lists/oss-security/2024/02/23/3 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51770 – Apache DolphinScheduler: Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-51770
20 Feb 2024 — Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. Vulnerabilidad de lectura de archivos arbitrarios en Apache Dolphinscheduler. Este problema afecta a Apache DolphinScheduler: versiones anteriores a 3.2.1. • http://www.openwall.com/lists/oss-security/2024/02/20/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50270 – Apache DolphinScheduler: Session do not expire after password change
https://notcve.org/view.php?id=CVE-2023-50270
20 Feb 2024 — Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue. Corrección de sesión de Apache DolphinScheduler anterior a la versión 3.2.0, cuya sesión sigue siendo válida después del cambio de contraseña. Se recomienda a los usuarios actualizar a la versión 3.2.1, que soluciona este problema. • https://github.com/apache/dolphinscheduler/pull/15219 • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49250 – Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil
https://notcve.org/view.php?id=CVE-2023-49250
20 Feb 2024 — Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue. Debido a que la clase HttpUtils no verificó los certificados, un atacante que pudiera realizar un ataque Man-in-the-Middle (MITM) en conexiones https salientes podría hacerse pasar por el servidor. ... • http://www.openwall.com/lists/oss-security/2024/02/20/1 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49109 – Remote Code Execution in Apache Dolphinscheduler
https://notcve.org/view.php?id=CVE-2023-49109
20 Feb 2024 — Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. Exposición de la ejecución remota de código en Apache Dolphinscheduler. Este problema afecta a Apache DolphinScheduler: versiones anteriores a 3.2.1. • http://www.openwall.com/lists/oss-security/2024/02/20/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •