CVE-2023-49068

Source
https://cve.org/CVERecord?id=CVE-2023-49068
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49068.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49068
Aliases
Published
2023-11-27T09:49:42.477Z
Modified
2026-07-15T01:49:07.315650903Z
Summary
Apache DolphinScheduler: Information Leakage Vulnerability
Details

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1.

Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the mean time, we recommend you make sure the logs are only available to trusted operators.

Database specific
{
    "cna_assigner": "apache",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49068.json",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/apache/dolphinscheduler

Affected ranges

Type
GIT
Repo
https://github.com/apache/dolphinscheduler
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.1"
        }
    ]
}

Affected versions

1.*
1.1.0-preview

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49068.json"