Posted to users@dolphinscheduler.apache.org by David Zollo <da...@gmail.com> on 2023/11/27 09:31:40 UTC

CVE-2023-49068: Apache DolphinScheduler: Information Leakage Vulnerability

Hi guys,

I'd like to notify you of an information leakage vulnerability in Apache DolphinScheduler.

The details are as follows:

Subject: CVE-2023-49068: Apache DolphinScheduler: Information Leakage
Vulnerability

Severity: important

Affected versions:

- Apache DolphinScheduler before 3.2.1

Description:

Exposure of Sensitive Information to an Unauthorized Actor
vulnerability in Apache DolphinScheduler. This issue affects Apache
DolphinScheduler: before 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the
issue. At the time of disclosure of this advisory, this version has
not yet been released. In the meantime, we recommend you make sure
the logs are only available to trusted operators.

Credit:

Y4tacker and 4ra1n from Y4secTeam (finder)

References:
https://github.com/apache/dolphinscheduler/pull/15192
https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-49068





Best Regards

---------------
Apache DolphinScheduler PMC Chair & Apache SeaTunnel PMC member
David
Linkedin: https://www.linkedin.com/in/davidzollo
Twitter: @WorkflowEasy <https://twitter.com/WorkflowEasy>
---------------