Vulnerabilities > Apache > Dolphinscheduler > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-30188 Unspecified vulnerability in Apache Dolphinscheduler
File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.
network
low complexity
apache
8.1
2023-12-30 CVE-2023-49299 Unspecified vulnerability in Apache Dolphinscheduler
Improper Input Validation vulnerability in Apache DolphinScheduler.
network
low complexity
apache
8.8
2023-11-27 CVE-2023-49068 Unspecified vulnerability in Apache Dolphinscheduler
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
network
low complexity
apache
7.5
2023-11-24 CVE-2023-48796 Unspecified vulnerability in Apache Dolphinscheduler 3.0.0/3.0.1
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file ``` management:   endpoints:     web:       exposure:         include: health,metrics,prometheus ``` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.
network
low complexity
apache
7.5
2022-11-24 CVE-2022-26885 Unspecified vulnerability in Apache Dolphinscheduler
When using tasks to read config files, there is a risk of database password disclosure.
network
low complexity
apache
7.5
2022-03-30 CVE-2022-25598 Unspecified vulnerability in Apache Dolphinscheduler
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
network
low complexity
apache
7.5
2021-11-01 CVE-2021-27644 SQL Injection vulnerability in Apache Dolphinscheduler
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center.
network
low complexity
apache CWE-89
8.8