apache dolphinscheduler

27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-23902
< 3.4.1
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use t
8.1 HIGH
CVE-2025-62233
>= 3.2.0 and < 3.3.1
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler
6.3 MEDIUM
CVE-2025-62188
>= 3.1.0 and < 3.2.0
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability
7.5 HIGH
CVE-2024-43166
< 3.2.2
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2.
9.8 CRITICAL
CVE-2024-43115
< 3.2.2
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by a
8.8 HIGH
CVE-2024-43202
>= 3.0.0 and < 3.2.2
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We reco
9.8 CRITICAL
CVE-2024-30188
>= 3.1.0 and < 3.2.2
File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource file
8.1 HIGH
CVE-2024-29831
< 3.2.2
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascr
8.8 HIGH
CVE-2024-23320
< 3.2.1
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascr
8.8 HIGH
CVE-2023-51770
>= 1.2.0 and < 3.2.1
Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We reco
7.5 HIGH
CVE-2023-50270
>= 1.3.8 and < 3.2.1
Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are
6.5 MEDIUM
CVE-2023-49250
< 3.2.1
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgo
7.3 HIGH
CVE-2023-49109
>= 3.0.0 and < 3.2.1
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We reco
9.8 CRITICAL
CVE-2023-49299
< 3.1.9
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javasc
8.8 HIGH
CVE-2023-49620
< 3.1.0
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost
6.5 MEDIUM
CVE-2023-49068
< 3.2.1
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache Dolp
7.5 HIGH
CVE-2023-48796
>= 3.0.0 and < 3.0.2
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to u
7.5 HIGH
CVE-2023-25601
>= 3.0.0 and < 3.1.2
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could
4.3 MEDIUM
CVE-2022-45875
< 3.0.2
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.
9.8 CRITICAL
CVE-2022-26885
< 2.0.6
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6
7.5 HIGH
CVE-2022-45462
< 2.0.6
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We re
9.8 CRITICAL
CVE-2022-34662
< 3.0.0
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users
6.5 MEDIUM
CVE-2022-26884
< 2.0.6
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
6.5 MEDIUM
CVE-2022-25598
< 2.0.5
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinSchedu
7.5 HIGH
CVE-2021-27644
< 1.3.6
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicab
8.8 HIGH
CVE-2020-13922
all versions
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password th
6.5 MEDIUM
CVE-2020-11974
all versions
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as dat
9.8 CRITICAL