MEDIUM 6.5

GHSA-694g-j8pj-cjj5

Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Details

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / org.apache.dolphinscheduler:dolphinscheduler-api

Introduced in: 0 Fixed in: 3.4.2

Fix # pom.xml: bump <version>3.4.2</version> for org.apache.dolphinscheduler:dolphinscheduler-api

References

https://nvd.nist.gov/vuln/detail/CVE-2026-47340 [ADVISORY]
https://github.com/apache/dolphinscheduler [PACKAGE]
https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc [WEB]
http://www.openwall.com/lists/oss-security/2026/06/17/5 [WEB]