Vulnerabilities > Apache > Dolphinscheduler > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-49620 Unspecified vulnerability in Apache Dolphinscheduler
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue.
network
low complexity
apache
6.5
2023-04-20 CVE-2023-25601 Unspecified vulnerability in Apache Dolphinscheduler
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication.
network
low complexity
apache
4.3
2022-11-01 CVE-2022-34662 Unspecified vulnerability in Apache Dolphinscheduler
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users.
network
low complexity
apache
6.5
2022-10-28 CVE-2022-26884 Path Traversal vulnerability in Apache Dolphinscheduler
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
network
low complexity
apache CWE-22
6.5
2021-01-11 CVE-2020-13922 Incorrect Default Permissions vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1/1.3.1
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
network
low complexity
apache CWE-276
6.5