CVE-2023-25601
Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
20 abr 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.
Productos afectados
Apache Software Foundation · Apache DolphinScheduler¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →