Skip to content

Incorrect Default Permissions in Apache DolphinScheduler

Moderate severity GitHub Reviewed Published Feb 9, 2022 to the GitHub Advisory Database • Updated Sep 12, 2024

Package

maven org.apache.dolphinscheduler:dolphinscheduler-api (Maven)

Affected versions

< 1.3.2

Patched versions

1.3.2

Description

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

References

Published by the National Vulnerability Database Jan 11, 2021
Reviewed Apr 6, 2021
Published to the GitHub Advisory Database Feb 9, 2022
Last updated Sep 12, 2024

Severity

Moderate

EPSS score

0.088%
(39th percentile)

Weaknesses

CVE ID

CVE-2020-13922

GHSA ID

GHSA-qhh5-9738-g9mx

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.