Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection.

This weakness could result in tampering with the authentication/authorization data.

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section to the `application.yaml` file:

```yaml
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.