THREATINT
PUBLISHED

CVE-2023-25601

Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication



Description

In versions 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue is fixed in version 3.1.2 and later. Users on versions 3.0.0 to 3.1.1 can turn off the python gateway by setting `python-gateway.enabled=false` in the configuration file `application.yaml`. If you are using the python gateway, upgrade to version 3.1.2 or above.

Reserved 2023-02-08 | Published 2023-04-20 | Updated 2025-02-13 | Assigner apache

Problem types

CWE-287 Improper Authentication

Product status

Default status: unaffected

3.0.0 before 3.1.2: affected

References

lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf vendor-advisory

www.openwall.com/lists/oss-security/2023/04/20/10

cve.org (CVE-2023-25601)

nvd.nist.gov (CVE-2023-25601)
