Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45462 | 1 Apache | 1 Dolphinscheduler | 2023-03-07 | N/A | 9.8 CRITICAL |
| Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | |||||
| CVE-2022-45875 | 1 Apache | 1 Dolphinscheduler | 2023-01-10 | N/A | 9.8 CRITICAL |
| Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. | |||||
| CVE-2022-26885 | 1 Apache | 1 Dolphinscheduler | 2022-11-30 | N/A | 7.5 HIGH |
| When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | |||||
| CVE-2022-34662 | 1 Apache | 1 Dolphinscheduler | 2022-11-02 | N/A | 6.5 MEDIUM |
| When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher | |||||
| CVE-2022-26884 | 1 Apache | 1 Dolphinscheduler | 2022-10-31 | N/A | 6.5 MEDIUM |
| Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | |||||
| CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. | |||||
| CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2021-11-02 | 6.0 MEDIUM | 8.8 HIGH |
| In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) | |||||
| CVE-2020-11974 | 1 Apache | 1 Dolphinscheduler | 2021-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. | |||||
| CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2021-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. | |||||