Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
References
Link | Resource |
---|---|
https://github.com/apache/dolphinscheduler/pull/15192 | Issue Tracking Patch |
https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq | Mailing List Vendor Advisory |
https://github.com/apache/dolphinscheduler/pull/15192 | Issue Tracking Patch |
https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq | Mailing List Vendor Advisory |
Configurations
History
21 Nov 2024, 08:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/apache/dolphinscheduler/pull/15192 - Issue Tracking, Patch | |
References | () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - Mailing List, Vendor Advisory |
01 Dec 2023, 13:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/apache/dolphinscheduler/pull/15192 - Issue Tracking, Patch | |
References | () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo |
27 Nov 2023, 13:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-27 10:15
Updated : 2024-11-21 08:32
NVD link : CVE-2023-49068
Mitre link : CVE-2023-49068
CVE.ORG link : CVE-2023-49068
JSON object : View
Products Affected
apache
- dolphinscheduler
CWE