Apache DolphinScheduler Prior to 1.3.2 API Password Override Vulnerability

Apache DolphinScheduler Prior to 1.3.2 API Password Override Vulnerability

CVE-2020-13922 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Learn more about our Cis Benchmark Audit For Apache Http Server.