CVE-2020-13922
maven/org.apache.dolphinscheduler/dolphinscheduler
Incorrect Default Permissions
Versions of Apache DolphinScheduler allowed an ordinary user under any tenant to override another users password through the API interface.
All versions starting from 1.2.0 up to 1.3.1
Upgrade to version 1.3.2 or above.
2021-01-15
source |