High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — dolphinscheduler | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file “` management: endpoints: web: exposure: include: health,metrics,prometheus “` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | 2023-11-24 | 7.5 | CVE-2023-48796 |
| apache — dolphinscheduler | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators. | 2023-11-27 | […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins
Read the original article: Post navigation |