Apache DolphinScheduler: Information Leakage Vulnerability
CVE-2023-49068

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache DolphinScheduler
Vendor: CVE Published:; 27 November 2023

Summary

A vulnerability in Apache DolphinScheduler allows unauthorized actors to access sensitive information, exposing logs and potentially compromising user data. Users are advised to restrict log access to trusted operators and upgrade to version 3.2.1 as a remedial measure.

Affected Version(s)

Apache DolphinScheduler 0 < 3.2.1

References

https://github.com/apache/dolphinscheduler/pull/15192

issue-tracking

https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkf...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2023
Vulnerability Reserved
Nov 21, 2023

Credit

Y4tacker and 4ra1n from Y4secTeam