CVE-2020-13922: Incorrect Default Permissions

January 11, 2021 (updated January 14, 2021)

Versions of Apache DolphinScheduler allowed an ordinary user under any tenant to override another users password through the API interface.

References

nvd.nist.gov/vuln/detail/CVE-2020-13922

Detect and mitigate CVE-2020-13922 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →