CVE-2020-13922

Summary

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache DolphinSchedulerApache DolphinScheduler < 1.3.2affected

Weaknesses

  • CWE-264: CWE-264 Permissions, Privileges, and Access Controls

ADP Enrichment

CVE Program Container

Additional References

References