CVE-2023-49620

Name of the Vulnerable Software and Affected Versions DolphinScheduler versions prior to 3.1.0

Description The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure Direct Object Reference (IDOR). This vulnerability requires user login to operate.

Recommendations For versions prior to 3.1.0, upgrade to version 3.1.0 to avoid this issue. As a temporary workaround, consider restricting access to the resource center and UDF functions to minimize the risk of exploitation.