CVE Vulnerabilities

CVE-2020-13922

Published: Jan 11, 2021 | Modified: Nov 21, 2024
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x: 4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.

Affected Software

Name | Vendor | Start Version | End Version
Dolphinscheduler | Apache | 1.2.0 (including) | 1.2.0 (including)
Dolphinscheduler | Apache | 1.2.1 (including) | 1.2.1 (including)
Dolphinscheduler | Apache | 1.3.1 (including) | 1.3.1 (including)
