CVE-2023-49068: Exposure of Sensitive Information to an Unauthorized Actor

November 27, 2023 (updated November 28, 2023)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.

References

github.com/advisories/GHSA-c6cg-73p3-973h
github.com/apache/dolphinscheduler/commit/7308888c703fbe227887d2426273100582096134
github.com/apache/dolphinscheduler/pull/15192
lists.apache.org/thread/jn6kr6mjdgtfgpxoq9j8q4pkfsq8zmpq
nvd.nist.gov/vuln/detail/CVE-2023-49068

Code Behaviors & Features

Detect and mitigate CVE-2023-49068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →