CVE-2020-13922

Apache DolphinScheduler (incubating) Permission vulnerability

EPSS 1.7%CWE-264

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Produtos afetados

Apache Software Foundation · Apache DolphinScheduler

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.mail-archive.com/announce%40apache.org/msg06076.html