Published: 09 Feb 2022
Source: github
Github: Reviewed
CVSS4: 7.1
CVSS3: 6.5
Description
Incorrect Default Permissions in Apache DolphinScheduler
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-13922
- https://github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml
- https://www.mail-archive.com/announce%40apache.org/msg06076.html
- https://www.mail-archive.com/announce@apache.org/msg06076.html
Packages
Name: org.apache.dolphinscheduler:dolphinscheduler-api (maven)
Affected versions: < 1.3.2
Fixed version: 1.3.2
Related vulnerabilities
CVSS3: 6.5
nvd
about 5 years ago
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.