=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN575
_____________________________________________________________________

DATE                : 03/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache DolphinScheduler versions
                                  prior to 3.3.1.

=====================================================================
https://lists.apache.org/thread/qm36nrsv1vrr2j4o5q2wo75h3686hrnj
https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk
_____________________________________________________________________

CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack
Severity: low 


Affected versions:

- Apache DolphinScheduler before 3.2.2


Description:

Improper Input Validation vulnerability in Apache DolphinScheduler.
An authenticated user can execute any shell script on the server
through the alert script.


This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes the
issue.


Credit:

L0ne1y (reporter)


References:

https://lists.apache.org/thread/lh42ktbbg87wrr6854rd7kho83wxc6f9
https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-43115

_____________________________________________________________________

CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default
Permissions

Severity: low 

Affected versions:

- Apache DolphinScheduler before 3.2.2


Description:

Incorrect Default Permissions vulnerability in Apache
DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.2.2.

Users are recommended to upgrade to version 3.3.1, which fixes
the issue.


Credit:

L0ne1y (reporter)


References:

https://lists.apache.org/thread/bzwc397wv9yywqttxn2ohtfp0lvg454y
https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-43166




=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
