MEDIUM 6.5

GHSA-694g-j8pj-cjj5

Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

상세

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Maven / org.apache.dolphinscheduler:dolphinscheduler-api

최초 영향 버전: 0 수정 버전: 3.4.2

수정 # pom.xml: bump <version>3.4.2</version> for org.apache.dolphinscheduler:dolphinscheduler-api

참고

https://nvd.nist.gov/vuln/detail/CVE-2026-47340 [ADVISORY]
https://github.com/apache/dolphinscheduler [PACKAGE]
https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc [WEB]
http://www.openwall.com/lists/oss-security/2026/06/17/5 [WEB]