CVE-2022-45462

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher

Published: Nov 23, 2022
Updated: May 9, 2024
CVE: CVE-2022-45462
GHSA: GHSA-wqg7-mx6p-2rw3
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
apache / dolphinscheduler	-	2.0.6
org.apache.dolphinscheduler / dolphinscheduler-alert-plugins	-	2.0.6

http://www.openwall.com/lists/oss-security/2022/11/23/1
https://github.com/apache/dolphinscheduler/pull/10744
https://github.com/apache/dolphinscheduler/pull/9834
https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w

Vulnerability Database

291,049

CVE-2022-45462