Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Dolphinscheduler

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-49620	1 Apache	1 Dolphinscheduler	2023-12-05	N/A	6.5 MEDIUM
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability
CVE-2020-13922	1 Apache	1 Dolphinscheduler	2021-01-14	4.0 MEDIUM	6.5 MEDIUM
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.