Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
This attack can be performed only by authenticated users which can login to DS.
Metrics
Affected Vendors & Products
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Thu, 03 Apr 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 13 Feb 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS. | Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS. |

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-04-03T15:27:57.287Z
Reserved: 2022-11-24T08:21:11.029Z
Link: CVE-2022-45875

Updated: 2024-08-03T14:24:03.229Z

Status : Modified
Published: 2023-01-04T15:15:09.163
Modified: 2025-04-03T16:15:28.510
Link: CVE-2022-45875

No data.

No data.