CVE-2020-13922

Apache DolphinScheduler (incubating) Permission vulnerability

EPSS 1.7%CWE-264

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Productos afectados

Apache Software Foundation · Apache DolphinScheduler

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.mail-archive.com/announce%40apache.org/msg06076.html