CVE-2023-48796

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 24, 2023

Updated: Dec 1, 2023

CWE ID 200

Summary

CVE-2023-48796 is a vulnerability affecting Apache DolphinScheduler that exposes sensitive information, such as database credentials, to unauthorized actors. This issue arises due to misconfigured endpoints. However, users can workaround this by setting an environment variable or adding a configuration to their `application.yaml` file. This vulnerability impacts versions of Apache DolphinScheduler from 3.0.0 to 3.0.1. To mitigate the risk, users are advised to upgrade to the patched version 3.0.2.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/te8XF2
https://www.cve.org/CVERecord?id=CVE-2023-48796
https://nvd.nist.gov/vuln/detail/CVE-2023-48796

Back to Vulnerability Database

CVE-2023-48796

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations