Incorrect Default Permissions vulnerability in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 09 Sep 2025 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*

Wed, 03 Sep 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache dolphinscheduler
Vendors & Products Apache
Apache dolphinscheduler

Wed, 03 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 09:30:00 +0000

Type Values Removed Values Added
Description Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
Weaknesses CWE-276
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-09-03T15:43:19.272Z

Reserved: 2024-08-07T10:39:22.903Z

Link: CVE-2024-43166

cve-icon Vulnrichment

Updated: 2025-09-03T13:44:51.653Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-03T10:15:36.463

Modified: 2025-09-09T16:15:19.943

Link: CVE-2024-43166

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-03T19:30:18Z