{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T12:17:02.199","vulnerabilities":[{"cve":{"id":"CVE-2023-49620","sourceIdentifier":"security@apache.org","published":"2023-11-30T09:15:07.227","lastModified":"2024-11-21T08:33:38.597","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability"},{"lang":"es","value":"Antes de la versión 3.1.0 de DolphinScheduler, el usuario que iniciaba sesión podía eliminar la función UDF en el centro de recursos sin autorización (que casi se usaba en tareas SQL), con vulnerabilidad de acceso no autorizado (IDOR), pero después de la versión 3.1.0 solucionamos este problema. Marcamos esta cve como nivel moderado porque todavía requiere el inicio de sesión del usuario para funcionar. Actualice a la versión 3.1.0 para evitar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"868EAD18-98C2-4BDD-A082-AFB75B79C3BC"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/30/4","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/apache/dolphinscheduler/pull/10307","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/30/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/apache/dolphinscheduler/pull/10307","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}