CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:32

Type Values Removed Values Added
References () https://github.com/apache/dolphinscheduler/pull/15192 - Issue Tracking, Patch () https://github.com/apache/dolphinscheduler/pull/15192 - Issue Tracking, Patch
References () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - Mailing List, Vendor Advisory () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - Mailing List, Vendor Advisory

01 Dec 2023, 13:53

Type Values Removed Values Added
References () https://github.com/apache/dolphinscheduler/pull/15192 - () https://github.com/apache/dolphinscheduler/pull/15192 - Issue Tracking, Patch
References () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - Mailing List, Vendor Advisory
CPE cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo

27 Nov 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-27 10:15

Updated : 2024-11-21 08:32


NVD link : CVE-2023-49068

Mitre link : CVE-2023-49068

CVE.ORG link : CVE-2023-49068


JSON object : View

Products Affected

apache

  • dolphinscheduler
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo