Search
Search Results (25 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2025-02-13 | 6.5 Medium |
| Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. | ||||
| CVE-2023-49068 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators. | ||||
| CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 7.5 High |
| Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | ||||
| CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 8.8 High |
| In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) | ||||
| CVE-2020-11974 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 9.8 Critical |
| In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. | ||||