CVE-2020-13922

Medium

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the…

apache·CWE-264·Published 2021-01-11

CVSS

6.5

EPSS

0.02

KEV

Exploits

cve.orgen

154 chars

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

NVDen

154 chars

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

OSV.deven

154 chars

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

GHSAen

154 chars

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

NVDes

187 chars

Las versiones de Apache DolphinScheduler anteriores a 1.3.2, permitían a un usuario normal bajo cualquier inquilino anular la contraseña de otro usuario por medio de la interfaz de la API

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N