CVE-2020-13922
Incorrect Default Permissions in maven/org.apache.dolphinscheduler/dolphinscheduler
Identifiers
CVE-2020-13922
Package Slug
maven/org.apache.dolphinscheduler/dolphinscheduler
Vulnerability
Incorrect Default Permissions
Description
Versions of Apache DolphinScheduler allowed an ordinary user under any tenant to override another users password through the API interface.
Affected Versions
All versions starting from 1.2.0 up to 1.3.1
Solution
Upgrade to version 1.3.2 or above.
Last Modified
2021-01-15
| source |