List: oss-security
Subject: Re: [oss-security] CVE-2023-49068: Apache DolphinScheduler: Information Leakage Vulnerability
From: John Helmert III <ajak () gentoo ! org>
Date: 2023-11-25 20:07:41
Message-ID: ZWJUDWTquSuqfmSk () gentoo ! org
On Fri, Nov 24, 2023 at 05:29:43AM +0000, Zihao Xiang wrote:
> Severity: important
>
> Affected versions:
>
> - Apache DolphinScheduler before 3.2.1
>
> Description:
>
> Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
> Apache DolphinScheduler. This issue affects Apache DolphinScheduler: 3.2.1.
> Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

So <3.2.1 is affected, but also =3.2.1, and "[FIXED_VERSION]" was
seemingly not replaced in the template. What are the correct affected
and unaffected versions? I tried to dig into what releases the fix
commit is in, but I found that that commit doesn't seem to be in any
tags yet, either?

~/git/dolphinscheduler $ git tag --contains 7308888c703fbe227887d2426273100582096134
~/git/dolphinscheduler $

> References:
>
> https://github.com/apache/dolphinscheduler/pull/15192
> https://dolphinscheduler.apache.org
> https://www.cve.org/CVERecord?id=CVE-2023-49068
>