GHSA-4vv4-crw4-8pcw

Опубликовано: 12 авг. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.6

CVSS3: 8.1

Описание

Apache DolphinScheduler: Resource File Read And Write Vulnerability

File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2.

Users are recommended to upgrade to version 3.2.2, which fixes the issue.

Ссылки

Пакеты

Наименование

org.apache.dolphinscheduler:dolphinscheduler

maven

Затронутые версииВерсия исправления

>= 3.1.0, < 3.2.2

3.2.2

EPSS

Процентиль: 99%

0.88243

Высокий

8.6 High

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-30188

Дефекты

CWE-20

Связанные уязвимости

CVE-2024-30188

CVSS3: 8.1

nvd

больше 1 года назад

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.

EPSS

Процентиль: 99%

0.88243

Высокий

8.6 High

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-30188

Дефекты

CWE-20