CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

History

01 Dec 2023, 13:53

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - () https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq - Mailing List, Vendor Advisory
References () https://github.com/apache/dolphinscheduler/pull/15192 - () https://github.com/apache/dolphinscheduler/pull/15192 - Issue Tracking, Patch
First Time Apache
Apache dolphinscheduler
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

27 Nov 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-27 10:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-49068

Mitre link : CVE-2023-49068

CVE.ORG link : CVE-2023-49068


JSON object : View

Products Affected

apache

  • dolphinscheduler
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor