CVE-2020-13922
published 2021-01-11CVE-2020-13922: Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | dolphinscheduler | — | — |
| apache | dolphinscheduler | — | — |
| apache | dolphinscheduler | — | — |
| apache_software_foundation | apache_dolphinscheduler | >= Apache DolphinScheduler < 1.3.2 | 1.3.2 |