Apache DolphinScheduler < 3.0.0 - Authenticated Path Traversal via Resource Center
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-34662. PoCs published by shoucheng3.
AI-analyzed exploit summary The repository contains no exploit code or technical analysis for CVE-2022-34662. It only includes project configuration files, issue templates, and workflows, which are unrelated to the vulnerability.
Description
When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher
Exploits (1)
nomisec
STUB
by shoucheng3 · poc
https://github.com/shoucheng3/apache__dolphinscheduler_CVE-2022-34662_2-0-9
The repository contains no exploit code or technical analysis for CVE-2022-34662. It only includes project configuration files, issue templates, and workflows, which are unrelated to the vulnerability.
Classification
Stub 90%
Attack Type
Other
Complexity
N/a
Reliability
N/a
Target:
Apache DolphinScheduler
No auth needed
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/13
Mailing List, Third Party Advisory
https://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8
Scores
CVSS v3
6.5
EPSS
0.0105
EPSS Percentile
78.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Lab Environment
COMMUNITY
Community Lab
Details
CWE
CWE-22
Status
published
Products (2)
apache/dolphinscheduler
< 3.0.0
org.apache.dolphinscheduler/dolphinscheduler
0 - 3.0.0Maven
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026