Vulnerability Summary for the Week of November 27, 2023

 High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file “` management:   endpoints:     web:       exposure:         include: health,metrics,prometheus “` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. 2023-11-24 7.5 CVE-2023-48796
 
apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators. 2023-11-27 […]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article: