CVE-2022-45875 - OpenCVE

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Dolphinscheduler

Configuration 1 [-]

OR	cpe:2.3:a:apache:dolphinscheduler::::::::
	cpe:2.3:a:apache:dolphinscheduler:3.1.0:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/11/22/2
https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-01-04T14:57:45.334Z

Updated: 2024-08-03T14:24:03.229Z

Reserved: 2022-11-24T08:21:11.029Z

Link: CVE-2022-45875

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-04T15:15:09.163

Modified: 2023-11-22T09:15:07.470

Link: CVE-2022-45875

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45875", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-11-24T08:21:11.029Z", "datePublished": "2023-01-04T14:57:45.334Z", "dateUpdated": "2024-08-03T14:24:03.229Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache DolphinScheduler", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "3.0.1", "status": "affected", "version": "3.0", "versionType": "custom"}, {"lessThanOrEqual": "3.1.0", "status": "affected", "version": "3.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "4ra1n of Chaitin Tech"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.<br><span style=\"background-color: rgb(255, 255, 255);\">This attack can be performed only by authenticated users which can login to DS.</span><br><br>"}], "value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\nThis attack can be performed only by authenticated users which can login to DS.\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-22T08:29:03.589Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/22/2"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.229Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/22/2", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B1DBC21-9334-404C-857D-681FA609DAD6", "versionEndExcluding": "3.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:dolphinscheduler:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "60070834-41AF-44F1-BA8A-5397D5915504", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.\nThis attack can be performed only by authenticated users which can login to DS.\n\n"}, {"lang": "es", "value": "Validaci\u00f3n incorrecta de los par\u00e1metros del complemento de alerta de script en Apache DolphinScheduler para evitar la vulnerabilidad de ejecuci\u00f3n remota de comandos. Este problema afecta a Apache DolphinScheduler versi\u00f3n 3.0.1 y versiones anteriores; versi\u00f3n 3.1.0 y versiones anteriores. Este ataque solo lo pueden realizar usuarios autenticados que puedan iniciar sesi\u00f3n en DS."}], "id": "CVE-2022-45875", "lastModified": "2023-11-22T09:15:07.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-04T15:15:09.163", "references": [{"source": "security@apache.org", "url": "http://www.openwall.com/lists/oss-security/2023/11/22/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@apache.org", "type": "Primary"}]}