CVE-2020-13922

Apache DolphinScheduler (incubating) Permission vulnerability

EPSS 1.7%CWE-264

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Affected products

Apache Software Foundation · Apache DolphinScheduler

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.mail-archive.com/announce%40apache.org/msg06076.html