Apache DolphinScheduler Prior to 1.3.2 API Password Override Vulnerability
CVE-2020-13922 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
Learn more about our Cis Benchmark Audit For Apache Http Server.