Illegal Access to Additional Resource Files via File Read/Write Vulnerability
CVE-2024-30188

8.1HIGH

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 12 August 2024

Summary

A file read and write vulnerability exists in Apache DolphinScheduler that allows authenticated users to gain unauthorized access to additional resource files. This security flaw affects versions from 3.1.0 up to, but not including, 3.2.2, creating potential risks for data integrity and confidentiality. Users are strongly advised to upgrade to version 3.2.2 to mitigate the vulnerability, ensuring the security of their environments and data.

Affected Version(s)

Apache DolphinScheduler 3.1.0 < 3.2.2

References

https://lists.apache.org/thread/tbrt42mnr42bq6scxwt6bjr3s...

vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Mar 25, 2024

Credit

L0ne1y

drun1baby

Zevi

Xun Bai