Apache Software Foundation Apache Dolphinscheduler vulnerabilities
24 known vulnerabilities affecting apache_software_foundation/apache_dolphinscheduler.
Total CVEs
24
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH13MEDIUM6
Vulnerabilities
Page 2 of 2
CVE-2022-26884MEDIUMCVSS 6.5≥ Apache DolphinScheduler, < 2.0.62022-10-28
CVE-2022-26884 [MEDIUM] CWE-22 CVE-2022-26884: Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
cvelistv5nvd
CVE-2022-25598HIGHCVSS 7.5≥ Apache DolphinScheduler, < 2.0.52022-03-30
CVE-2022-25598 [HIGH] CWE-1333 CVE-2022-25598: Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS)
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
cvelistv5nvd
CVE-2021-27644HIGHCVSS 8.8≥ Apache DolphinScheduler, < 1.3.62021-11-01
CVE-2021-27644 [HIGH] CWE-264 CVE-2021-27644: In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
cvelistv5nvd
CVE-2020-13922MEDIUMCVSS 6.5≥ Apache DolphinScheduler, < 1.3.22021-01-11
CVE-2020-13922 [MEDIUM] CWE-264 CVE-2020-13922: Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to over
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
cvelistv5nvd
← Previous2 / 2