CVE-2024-43115

HIGH LAB

Apache DolphinScheduler <3.2.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-43115. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2024-43115, an authenticated RCE vulnerability in Apache DolphinScheduler's Script Alert Plugin. The PoC demonstrates arbitrary binary execution via exit code differentiation and full shell script execution with output capture.

Description

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via the alert script. This issue affects Apache DolphinScheduler before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

Exploits (1)

GitHub · WORKING POC · 1 star
by exploitintel · python · poc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2024-43115

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache DolphinScheduler < 3.2.2
Auth required
Prerequisites: authenticated access to DolphinScheduler API · Docker environment for lab setup
devstral-2 · analyzed Mar 04, 2026

Scores

CVSS v3 8.8
EPSS 0.0010
EPSS Percentile 27.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Lab Environment

Vulnerable image: docker pull ghcr.io/exploitintel/cve-2024-43115-vulnerable:latest

Details

CWE CWE-20
Status published
Products (2)
apache/dolphinscheduler < 3.2.2
org.apache.dolphinscheduler/dolphinscheduler 0 - 3.2.2 (Maven)
Published Sep 03, 2025
Tracked Since Feb 18, 2026