CVE-2023-51770

HIGH

Apache DolphinScheduler <3.2.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-51770. PoCs published by shoucheng3.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2023-51770, focusing on Apache DolphinScheduler. The provided scripts include deployment and environment setup for testing the vulnerability, with configurations for MySQL and PostgreSQL.

Description

Arbitrary file read vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler versions before 3.2.1. We recommend that users upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

Exploits (2)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/apache__dolphinscheduler_CVE-2023-51770_3_2_1_fixed

This repository contains a proof-of-concept for CVE-2023-51770, focusing on Apache DolphinScheduler. The provided scripts include deployment and environment setup for testing the vulnerability, with configurations for MySQL and PostgreSQL.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache DolphinScheduler
No auth needed
Prerequisites: Access to the target system · Ability to execute scripts
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/apache__dolphinscheduler_CVE-2023-51770_3-2-00

This repository contains a proof-of-concept exploit for CVE-2023-51770, targeting Apache DolphinScheduler. The exploit involves environment setup and deployment scripts to demonstrate the vulnerability, likely related to unauthorized access or command execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache DolphinScheduler 3.2.0
No auth needed
Prerequisites: Access to the target system · Bash environment
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2024/02/20/2
Mailing List, Vendor Advisory: https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g
Mailing List, Vendor Advisory: https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw

Scores

CVSS v3 7.5
EPSS 0.0134
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-94
Status published
Products (2)
apache/dolphinscheduler 1.2.0 - 3.2.1
org.apache.dolphinscheduler/dolphinscheduler 0 - 3.2.1 (Maven)
Published Feb 20, 2024
Tracked Since Feb 18, 2026