CVE-2020-13922: Incorrect Default Permissions in Apache DolphinScheduler
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API.
References
- github.com/advisories/GHSA-qhh5-9738-g9mx
- github.com/apache/incubator-dolphinscheduler
- github.com/apache/incubator-dolphinscheduler/commit/b8a9e2e00f2f207ae60c913a7173b59405ff95f1
- github.com/pypa/advisory-database/tree/main/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-13922
- www.mail-archive.com/announce@apache.org/msg06076.html
Detect and mitigate CVE-2020-13922 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.