Incorrect Default Permissions in Apache DolphinScheduler
High severity
GitHub Reviewed
Published
Feb 9, 2022
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Package
Affected versions
< 1.3.2
Patched versions
1.3.2
Description
Published by the National Vulnerability Database
Jan 11, 2021
Reviewed
Apr 6, 2021
Published to the GitHub Advisory Database
Feb 9, 2022
Last updated
Nov 18, 2024
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
References