Apache · Apache DolphinScheduler · CVE-2025-62188
Name of the Vulnerable Software and Affected Versions
Apache DolphinScheduler versions 3.1.*
Description
An issue exists in Apache DolphinScheduler that may allow unauthorized actors to access sensitive information, including database credentials, through the application's exposed management (Spring Boot actuator) endpoints. As a temporary workaround, users may restrict which management endpoints are exposed over the web by setting the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE` to `health,metrics,prometheus`, or by setting `management.endpoints.web.exposure.include` in the `application.yaml` file so that only `health,metrics,prometheus` are exposed. Either change takes effect only after the affected server is restarted; if both are set, the environment variable takes precedence over the file.
Recommendations
Upgrade to version 3.2.0 or later if using versions 3.1.x. As a temporary workaround until the upgrade is done, set the `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE` environment variable to `health,metrics,prometheus`. Alternatively, set `management.endpoints.web.exposure.include` in the `application.yaml` file to `health,metrics,prometheus` so that no other management endpoint is exposed over the web. After restarting, confirm that only those three endpoints are reachable before treating the workaround as applied.
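The following is an added configuration example, not text from the advisory or a file from the DolphinScheduler project. It shows an over-broad actuator exposure setting next to the restricted setting the workaround describes. The wildcard value in the first document is an assumed example of a weak setting; check the deployed `application.yaml` for its actual value rather than relying on this.

```yaml
# Added example (not from the advisory or the DolphinScheduler project).
# Spring Boot actuator exposure settings as they would appear in a
# DolphinScheduler application.yaml. Two YAML documents, separated by '---'.

# WEAK (assumed example): every actuator endpoint is served over HTTP,
# including ones that can reveal configuration and credentials.
# '*' must be quoted in YAML; a bare * is an alias indicator.
management:
  endpoints:
    web:
      exposure:
        include: '*'
---
# RESTRICTED (the advisory's workaround): only health, metrics and
# prometheus are exposed over the web. The value is a comma-separated list.
#
# Equivalent environment variable (Spring Boot relaxed binding of the same
# property); if both are set, the environment variable wins:
#   MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

To verify after restarting the affected server, request the actuator base path (by default `/actuator`) and confirm that only the `health`, `metrics` and `prometheus` endpoints are listed, and that requests to any other actuator endpoint no longer return data. Note that this workaround only limits web exposure; it does not remove the underlying issue, so the upgrade remains the actual fix.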