Skip to main content

Dolphinscheduler

18 CVEs product

Monthly

CVE-2024-43166 Maven CRITICAL PATCH This Week

Incorrect Default Permissions vulnerability in Apache DolphinScheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-43115 Maven HIGH PATCH This Month

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Dolphinscheduler
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-43202 Maven CRITICAL PATCH Act Now

Exposure of Remote Code Execution in Apache Dolphinscheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Apache RCE Dolphinscheduler
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-30188 Maven HIGH POC PATCH This Week

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files.1.0 before 3.2.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
CVSS 3.1
8.1
EPSS
6.0%
CVE-2024-29831 Maven HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-23320 Maven HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-49299 Maven HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-49620 Maven MEDIUM PATCH This Month

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dolphinscheduler
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-49068 Maven HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48796 LIB HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25601 Maven MEDIUM PATCH This Month

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Authentication Bypass Dolphinscheduler
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-26885 Maven HIGH PATCH This Week

When using tasks to read config files, there is a risk of database password disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dolphinscheduler
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-45462 Maven CRITICAL PATCH Act Now

Alarm instance management has command injection when there is a specific command configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-34662 Maven MEDIUM PATCH This Month

When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dolphinscheduler
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-26884 Maven MEDIUM PATCH This Month

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Dolphinscheduler
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-25598 LIB HIGH PATCH This Week

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Dolphinscheduler
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-27644 Maven HIGH PATCH This Week

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Privilege Escalation Dolphinscheduler
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-11974 Maven CRITICAL PATCH Act Now

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
7.6%
EPSS 0% CVSS 9.8
CRITICAL PATCH This Week

Incorrect Default Permissions vulnerability in Apache DolphinScheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Dolphinscheduler
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Dolphinscheduler
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Exposure of Remote Code Execution in Apache Dolphinscheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Apache RCE +1
NVD GitHub
EPSS 6% CVSS 8.1
HIGH POC PATCH This Week

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files.1.0 before 3.2.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dolphinscheduler
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Authentication Bypass +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

When using tasks to read config files, there is a risk of database password disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dolphinscheduler
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Alarm instance management has command injection when there is a specific command configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dolphinscheduler
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dolphinscheduler
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Dolphinscheduler
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Dolphinscheduler
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Privilege Escalation +1
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dolphinscheduler
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy