PT-2023-31042 · Apache · Apache Dolphinscheduler

4Ra1N

Publicado

2023-11-27

Atualizado

2023-12-01

CVE-2023-49068

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache DolphinScheduler versions prior to 3.2.1

Description The issue is related to the exposure of sensitive information to an unauthorized actor. Users are advised to ensure that logs are only available to trusted operators as a temporary measure.

Recommendations For versions prior to 3.2.1, upgrade to version 3.2.1 when it becomes available, as it fixes the issue. In the meantime, make sure the logs are only available to trusted operators.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-49068

GHSA-C6CG-73P3-973H

Produtos afetados

Apache Dolphinscheduler

PT-2023-31042 · Apache · Apache Dolphinscheduler

CVE-2023-49068

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9