Количество 2
Количество 2
CVE-2023-49620
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability
GHSA-r44q-98gx-pmh2
Apache DolphinScheduler Missing Authorization vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-49620 Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
| GHSA-r44q-98gx-pmh2 Apache DolphinScheduler Missing Authorization vulnerability | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу