Home > Vulnerability Database > CVE-2023-49068

Mend.io Vulnerability Database

CVE-2023-49068

Good to know:

Date: November 27, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.

Language: Java

Severity Score

7.5

Related Resources (6)

Url: https://lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49068

Url: https://github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134

Url: https://github.com/apache/dolphinscheduler/pull/15192

Url: https://seclists.org/oss-sec/2023/q4/234

Url: https://www.mend.io/vulnerability-database/CVE-2023-49068

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version org.apache.dolphinscheduler:dolphinscheduler-api:3.2.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49068

Good to know:

Date: November 27, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?