mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
87 lines
3.0 KiB
JSON
87 lines
3.0 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-49620",
|
|
"ASSIGNER": "security@apache.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with\u00a0unauthorized\u00a0access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this\u00a0vulnerability"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-862 Missing Authorization",
|
|
"cweId": "CWE-862"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Apache Software Foundation",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache DolphinScheduler",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "2.0.0",
|
|
"version_value": "3.1.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/apache/dolphinscheduler/pull/10307",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/apache/dolphinscheduler/pull/10307"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj",
|
|
"refsource": "MISC",
|
|
"name": "https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj"
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2023/11/30/4",
|
|
"refsource": "MISC",
|
|
"name": "http://www.openwall.com/lists/oss-security/2023/11/30/4"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Yuanheng Lab of zhongfu"
|
|
}
|
|
]
|
|
} |