Advisory Database
  • Advisories
  • Dependency Scanning
  1. maven
  2. ›
  3. org.apache.dolphinscheduler/dolphinscheduler
  4. ›
  5. CVE-2024-43166

CVE-2024-43166: Apache DolphinScheduler Incorrect Default Permissions Vulnerability

September 3, 2025

Incorrect Default Permissions vulnerability in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.

References

  • github.com/advisories/GHSA-rrpj-r8h7-rm7r
  • github.com/apache/dolphinscheduler
  • lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk
  • nvd.nist.gov/vuln/detail/CVE-2024-43166

Code Behaviors & Features

Detect and mitigate CVE-2024-43166 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 3.3.1

Fixed versions

  • 3.3.1

Solution

Upgrade to version 3.3.1 or above.

Weakness

  • CWE-276: Incorrect Default Permissions

Source file

maven/org.apache.dolphinscheduler/dolphinscheduler/CVE-2024-43166.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 04 Sep 2025 12:19:46 +0000.