CVE-2024-29831
HIGH
Apache DolphinScheduler < 3.2.2 - Authenticated Remote Code Execution via Switch Task Plugin
Title source: llm
Description
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
References (2)
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/08/09/6
Vendor Advisory
https://lists.apache.org/thread/x1ch0x5om3srtbnp7rtsvdszho3mdrq0
Scores
CVSS v3
8.8
EPSS
0.0034
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (2)
apache/dolphinscheduler
< 3.2.2
org.apache.dolphinscheduler/dolphinscheduler
0 - 3.2.2 (Maven)
Published
Aug 12, 2024
Tracked Since
Feb 18, 2026