Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-30188

CWE-20 — Improper Input Validation5 documents5 sources

Severity

8.1HIGH

EPSS

88.5%

top 0.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Software Foundation Apache Dolphinscheduler Apache Dolphinscheduler

Timeline

PublishedAug 12

Description

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/dolphinscheduler3.1.0 — 3.2.2

▶Mavenorg.apache.dolphinscheduler:dolphinscheduler3.1.0 — 3.2.2

▶CVEListV5apache_software_foundation/apache_dolphinscheduler3.1.0 — 3.2.2

🔴Vulnerability Details

OSV

Apache DolphinScheduler: Resource File Read And Write Vulnerability↗2024-08-12

▶

GHSA

Apache DolphinScheduler: Resource File Read And Write Vulnerability↗2024-08-12

▶

CVEList

Apache DolphinScheduler: Resource File Read And Write Vulnerability↗2024-08-09

▶

💥Exploits & PoCs

Nuclei

Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write

▶