CVE-2020-13922 – org.apache.dolphinscheduler:dolphinscheduler-api
Package
Manager: maven
Name: org.apache.dolphinscheduler:dolphinscheduler-api
Vulnerable Version: >=0 <1.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00831 (percentile 0.73683)
Details
Incorrect Default Permissions in Apache DolphinScheduler. Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
Metadata
Created: 2022-02-09T22:26:32Z
Modified: 2024-11-18T16:26:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-qhh5-9738-g9mx/GHSA-qhh5-9738-g9mx.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-qhh5-9738-g9mx
Finding: F159
Auto approve: 1