CVE - CVE-2023-49620

CVE-ID
CVE-2023-49620	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/apache/dolphinscheduler/pull/10307 URL:https://github.com/apache/dolphinscheduler/pull/10307 MISC:https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj URL:https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj MLIST:[oss-security] 20231130 CVE-2023-49620: Apache DolphinScheduler: Authenticated users could delete UDFs in resouece center they were not authorized URL:http://www.openwall.com/lists/oss-security/2023/11/30/4
Assigning CNA
Apache Software Foundation
Date Record Created
20231128	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20231128)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)