Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center (which are mostly used in SQL tasks) without authorization, an unauthorized access vulnerability (IDOR). From version 3.1.0 onward we have fixed this issue. We mark this CVE as moderate level because it still requires a user login to operate. Please upgrade to version 3.1.0 to avoid this vulnerability.
History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-30T08:17:01.765Z

Updated: 2024-08-02T22:01:25.904Z

Reserved: 2023-11-28T07:30:24.598Z

Link: CVE-2023-49620

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2023-11-30T09:15:07.227

Modified: 2023-12-05T19:08:12.707

Link: CVE-2023-49620

Redhat

No data.