CVE-2024-43202

CRITICAL9.8Remote code exec

Description

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Apache Software Foundation / Apache DolphinScheduler3.0.0 – 3.2.2

References

PATCHhttps://github.com/apache/dolphinscheduler/pull/15758
MAILING_LISThttps://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5
MAILING_LISThttps://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2023-49109