CVE-2023-49620


Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (which are mostly used in SQL tasks), an unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requires user login to operate. Please upgrade to version 3.1.0 to avoid this vulnerability.


Published

2023-11-30T09:15:07.227

Last Modified

2024-11-21T08:33:38.597

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-862

Affected Vendors & Products
Type         Vendor  Product           Version/Range  Vulnerable?
Application  apache  dolphinscheduler  < 3.1.0        Yes

References