Posted to users@dolphinscheduler.apache.org by David Zollo <da...@gmail.com> on 2023/11/27 09:31:40 UTC
CVE-2023-49068: Apache DolphinScheduler: Information Leakage Vulnerability
Hi guys,
I'd like to give notice of a Leakage Vulnerability in Apache DolphinScheduler.
The details are as follows:
Subject: CVE-2023-49068: Apache DolphinScheduler: Information Leakage
Vulnerability
Severity: important
Affected versions:
- Apache DolphinScheduler before 3.2.1
Description:
Exposure of Sensitive Information to an Unauthorized Actor
vulnerability in Apache DolphinScheduler. This issue affects Apache
DolphinScheduler: before 3.2.1.
Users are recommended to upgrade to version 3.2.1, which fixes the
issue. At the time of disclosure of this advisory, this version has
not yet been released. In the meantime, we recommend you make sure
the logs are only available to trusted operators.
Credit:
Y4tacker and 4ra1n from Y4secTeam (finder)
References:
https://github.com/apache/dolphinscheduler/pull/15192
https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-49068
Best Regards
---------------
Apache DolphinScheduler PMC Chair & Apache SeaTunnel PMC member
David
Linkedin: https://www.linkedin.com/in/davidzollo
Twitter: @WorkflowEasy <https://twitter.com/WorkflowEasy>
---------------