[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 22 Nov 2023 04:31:28 +0000
From: Wenjun Ruan <wenjun@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-45875: Apache DolphinScheduler: Remote command execution
Vulnerability in script alert plugin
Severity: low
Affected versions:
- Apache DolphinScheduler 3.0 through 3.0.1
- Apache DolphinScheduler 3.1 through 3.1.0
Description:
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
Credit:
4ra1n of Chaitin Tech (finder)
References:
https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r
https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-45875
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
