CVE-2022-34662

Description

When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You could upgrade to version 3.0.0 or higher

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Apache Software Foundation / Apache DolphinSchedulerApache DolphinScheduler – 3.0.0-beta-1

References

MAILING_LISThttps://lists.apache.org/thread/pbdzqf9ntxyvs4cr0x2dgk9zlf43btz8
MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/11/01/13