PT-2024-19808 · Apache · Apache Dolphinscheduler

Eluen Siebene

Published

2024-02-23

Updated

2025-03-18

CVE-2024-23320

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache DolphinScheduler (affected versions not specified)

Description The issue concerns an Improper Input Validation vulnerability, allowing an authenticated user to execute arbitrary, unsandboxed javascript on the server. This can lead to arbitrary js execution as root for authenticated users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2024-23320

GHSA-RC6H-QWJ9-2C53

Affected Products

Apache Dolphinscheduler

PT-2024-19808 · Apache · Apache Dolphinscheduler

CVE-2024-23320

Weakness Enumeration

Related Identifiers

Affected Products

References · 13