QwikSec

Security Database

CVE

CWE

Training

CVE-2022-45875

Published: Jan 4, 2023

Modified: Apr 3, 2025

PUBLISHED

Description

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.

Vendor	Product	Versions
Apache Software Foundation	Apache DolphinScheduler	affected `3.0 - <= 3.0.1` affected `3.1 - <= 3.1.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/11/22/2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.