CVE-2024-43166

CWE-276Incorrect Default Permissions4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 65.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache DolphinschedulerApache Dolphinscheduler
Timeline
PublishedSep 3

Description

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Apache DolphinScheduler Incorrect Default Permissions Vulnerability2025-09-03
CVEList
CVE-2024-43166: Incorrect Default Permissions vulnerability in Apache DolphinScheduler2025-09-03
GHSA
Apache DolphinScheduler Incorrect Default Permissions Vulnerability2025-09-03
CVE-2024-43166 (CRITICAL CVSS 9.8) | Incorrect Default Permissions vulne | cvebase.io