CVE-2023-49620

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 30, 2023

Updated: Dec 5, 2023

CWE ID 862

Summary

CVE-2023-49620 is a vulnerability affecting DolphinScheduler before version 3.1.0. It allows an unauthorized user, once logged in, to delete UDF functions in the resource center, which are commonly used in SQL tasks. This issue is classified as an unauthorized access vulnerability (IDOR). Although it requires user authentication to exploit, it is recommended to upgrade to version 3.1.0 to mitigate this moderate-level risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache DolphinScheduler

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tmM72O
https://www.cve.org/CVERecord?id=CVE-2023-49620
https://nvd.nist.gov/vuln/detail/CVE-2023-49620

Back to Vulnerability Database