Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dolphinscheduler | Apache | 1.2.0 (including) | 1.2.0 (including) |
Dolphinscheduler | Apache | 1.2.1 (including) | 1.2.1 (including) |
Dolphinscheduler | Apache | 1.3.1 (including) | 1.3.1 (including) |