CVE-2024-43166 — Apache DolphinScheduler Incorrect Default Permissions Vulnerability

Description

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

How to fix CVE-2024-43166

To remediate CVE-2024-43166, upgrade the affected package to a fixed version below.

Maven/org.apache.dolphinscheduler:dolphinscheduler—upgrade to 3.3.1 or later

Is CVE-2024-43166 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.3.1

References (3)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-43166
PATCHgithub.com/apache/dolphinscheduler
WEBlists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk