CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.

Published: Nov 27, 2023
Updated: May 10, 2024
CVE: CVE-2023-49068
GHSA: GHSA-c6cg-73p3-973h
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
org.apache.dolphinscheduler / dolphinscheduler-api	-	3.2.1
apache / dolphinscheduler	-	3.2.1

https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134
https://github.com/apache/dolphinscheduler/pull/15192
https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq

Vulnerability Database

291,049

CVE-2023-49068